Overview
Severity: CRITICAL | Affected: Anthropic | Category: breach
State-sponsored threat actors successfully breached Anthropic's internal development environment, exfiltrating the weights and architecture documents for an unreleased, next-generation large language model codenamed 'Claude-Next'. The attack vector was a sophisticated chain of exploits, beginning with a compromised developer credential obtained from a third-party code repository, which was then used to exploit a zero-day vulnerability in an internal API gateway. This allowed the attackers to bypass standard authentication and access staging servers where model artifacts were temporarily stored. The breach represents one of the most significant intellectual property thefts in the AI industry to date, highlighting the critical need for robust security controls around the model development lifecycle, especially for sensitive, pre-release assets. Anthropic disclosed the incident after containing the breach and is now working with federal law enforcement agencies to investigate the attribution. The full impact on their product roadmap remains to be seen.