Anthropic published a coordinated vulnerability disclosure framework for bugs its AI systems help identify in open-source and authorized closed-source software. The policy adds concrete timelines, human review requirements, and escalation paths as coding agents become more capable security researchers.
Anthropic published a coordinated vulnerability disclosure framework on March 6, 2026 for vulnerabilities discovered by Claude. The policy sets a default 90-day disclosure path, a compressed 7-day path for actively exploited critical bugs, and a 45-day buffer after patches before technical details are usually published.
Anthropic published a Mar 6, 2026 policy for vulnerabilities identified with Claude. The framework sets a 90-day default disclosure window, a 7-day target for actively exploited critical bugs, and human review requirements before reports go out.