Overview
Severity: CRITICAL | Affected: Anthropic | Category: breach
AI safety and research company Anthropic has confirmed a significant security breach affecting its core infrastructure. The incident, attributed to a sophisticated state-sponsored threat actor, resulted in the exfiltration of sensitive data, including pre-release model weights for its upcoming 'Claude 4' large language model. Additionally, a database containing millions of anonymized, but potentially re-identifiable, customer prompt and response logs from enterprise clients was compromised. The attackers are believed to have exploited a zero-day vulnerability in a third-party orchestration tool used in Anthropic's MLOps pipeline. The company is currently working with cybersecurity firms and law enforcement to investigate the breach and has notified affected customers. The incident highlights the critical value of AI models as intellectual property and the growing threat of industrial espionage targeting AI labs. The potential for the stolen model to be reverse-engineered or misused poses a significant risk.