Government agencies, cybersecurity companies and threat researchers are pouring resources into studying how fast-developing AI tools can be wielded by malicious actors to hack into victim organizations.

But as agentic AI becomes more embedded in business infrastructure, there’s also a high possibility that a breach could be caused by an insider guiding the tool, whether maliciously or due to lack of security controls.

In research shared exclusively with CyberScoop, DTEX researchers detail how a common workflow in Anthropic’s Claude Cowork used in corporate environments offers convenience for AI agent deployment but grants near-total access to the system.

Claude Cowork includes tools that let users remotely control their agents. One particular tool, known as Dispatch, relays commands from a user’s phone to their desktop Claude agent. It also includes a plugin for communicating with Salesforce AI agents that access and transfer data.

DTEX researchers tested two scenarios. The first prompted Claude to summarize information from Salesforce and paste it into a draft Outlook email. The second tasked the agent with archiving selected files and transferring them via the Cowork app.

In both cases, researchers used simple, single-turn prompts and spent between 10-30 minutes preparing to exfil  the data.

Alex Desmond, director of insider threat intelligence and innovation at DTEX, told CyberScoop that both improvements in frontier models and deeper integration of AI tools into IT network operations have reduced the time defenders have to react to a breach.

“In cyberattacks, you talk about the kind of execution time of adversaries coming in and dropping ransomware, we’re now seeing the kill chain drop to 30 and 10 minutes depending on what they’re doing,” Desmond said. “Six months ago, that was a couple of hours.”

But that speed, when paired with direct access to business networks or cloud services, can also create an insider threat nightmare for organizations that must monitor for both malicious actors and potential mistakes from legitimate employees using the technology.

Over the past few years, western IT and cybersecurity businesses have been inundated with job applicants secretly working on behalf of the North Korean government. Their salaries are used to evade international sanctions and fund Pyongyang’s nuclear program, but it also positions the individuals to access or steal sensitive data or assets from these companies. 

“You’ve got a nation-state actor getting into an environment legitimately,” Desmond said. “Now if you gave them access to AI tools on top of that…you’re like ‘here’s the keys to everything and here’s this awesome tool that’s just going to make your job – stealing our data – easier.’”

Tests by DTEX confirmed that the agents indeed had access to sensitive systems, applications and data – including the ability to download SharePoint corporate data, production documentation in OneDrive, access to Outlook email, Salesforce data (and all the data it can access), and any other files on the user’s endpoint device. For each of these applications, Claude Cowork has a dedicated plugin or API to share externally if prompted.  

To be clear, DTEX’s research does not involve exploiting a software bug or configuration vulnerability, and it doesn’t come with a CVE. It’s more of an IT governance and visibility problem. Businesses are racing to integrate AI tools into their workflow and pushing employees to use the technology while failing to put in place the kind of security controls, access policies and monitoring required to spot problems.

For instance, it may not be possible to determine how a data breach or leakage involving an AI agent actually occurred if an organization is not logging and auditing its prompts – or whether the incident was the result of an agent running amok or responding to potentially malicious instructions.

While network and cloud monitoring can identify when data is being accessed or downloaded from SharePoint, that may not be a strong enough signal to stand out for defenders.

“If a user’s normal workflow is to pull sensitive files down to work locally all the time, you don’t have endpoint monitoring and you introduce an AI agent, it then just has access to all that data” along with the ability to exfiltrate it,” Desmond said.

The post Your AI agent could become your biggest insider threat  appeared first on CyberScoop.

from CyberScoop https://ift.tt/7mtNSMI
https://ift.tt/OlVWAsY

Anthropic is broadening access to its Project Glasswing program, adding approximately 150 organizations in 15 countries, the company announced Tuesday, as its restricted Claude Mythos Preview model has already surfaced more than 10,000 high- or critical-severity software vulnerabilities since the program launched in early April.

The expansion follows an initial cohort of roughly 50 partners that were announced when Anthropic first unveiled the initiative. Those members included technology companies such as Amazon Web Services, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks, among others.  

According to the announcement, the new group covers sectors that were underrepresented in the first wave, including power, water, healthcare, communications, and hardware. Many of the new partners are vendors whose codebases underpin critical infrastructure systems.

The company did not give any further details on what companies or organizations were part of the new cohort. 

The scale of what Mythos Preview has already found is drawing attention across the security industry. Cloudflare identified 2,000 bugs across its critical-path systems, including 400 rated high or critical, with a false-positive rate the company described as better than that of human testers. Mozilla found and fixed 271 vulnerabilities in Firefox 150 while testing the model, more than 10 times the number found in a previous Firefox version using an earlier Anthropic model. Several other partners reported that their rates of bug discovery increased more than tenfold after deploying the model. 

Anthropic also used Mythos to scan more than 1,000 open-source projects, flagging 23,019 potential vulnerabilities, 6,202 of them estimated as high or critical. Of 1,752 high- or critical-rated findings independently reviewed, over 90% were confirmed as valid. 

The findings have shifted what Anthropic describes as the central issue in cybersecurity. Despite the enhanced ability to discover flaws, the company admits there are challenges with verifying, disclosing, and patching them before attackers can take advantage.

 “The bottleneck in fixing bugs like these is the human capacity to triage, report, and design and deploy patches for them,” the company said in its blog post. 

That bottleneck has broader implications. A joint report from the Cloud Security Alliance, the SANS Institute, and OWASP concluded that organizations are “likely to be overwhelmed” in the near term by threat actors using AI to find and exploit vulnerabilities faster than defenders can patch them.

Anthropic has said it will not release Mythos-class models to the general public, citing the absence of safeguards sufficient to prevent serious misuse. In the interim, it has released Claude Security, a product using its publicly available Claude Opus 4.8 model that has been used to patch more than 2,100 vulnerabilities in three weeks. 

The program’s expansion comes as the Trump administration’s AI security efforts remain unsettled. A highly anticipated executive order addressing AI cybersecurity and frontier model oversight was pulled hours before a planned signing in May. The draft order had proposed a voluntary framework requiring AI developers to submit advanced models to a government review up to 90 days before public release, with the National Security Agency holding final say over which systems qualified as “covered frontier models.”

It was not immediately clear when the White House signing might be rescheduled.

The post Anthropic expanding access to Project Glasswing appeared first on CyberScoop.

from CyberScoop https://ift.tt/UqEArb2
https://ift.tt/ejqio5d