Anthropic Claude Code Leak Reveals Critical Command Injection Vulnerabilities

So they aren't running the super Mythos on their own software?

Despite developing and deploying various rules and approaches to mitigate its default behaviour, Claude frequently suggests code that contains poor reasoning, bad assumptions, performance footguns and worse. It often produces fragile and insecure code that is completely unacceptable in the 2026 security environment.

While I get plenty of value from it as a search and comprehension engine and “how to” generator, I’ve largely stopped using it to generate code because it’s just not trustworthy, and I am often left with the feeling that the result would have been both faster and of higher quality without its help.

And so, because I assume Anthropic develop Claude using Claude, I now refuse to accept the very frequent updates to Claude extensions, I’ve cleared out any I’ve been able to find, and I will never give Claude remote access to my devices, no matter how often I’m asked. I don’t intend to use Claude unsupervised in any capacity. It is an astounding technology demo, but I no longer believe the hype.

In my opinion, trusting these tools to write security sensitive code is a mistake, and this is just the first wave of many more security vulnerabilities to come. I firmly believe that we’re going to start seeing see major, widespread failures caused by this stuff, and it’s just a matter of time until the waste matter hits the air circulator.

I think this submission is junk - it appears to be a summarized copy of https://phoenix.security/critical-ci-cd-nightmare-3-command-injection-flaws-in-claude-code-cli-allow-credential-exfiltration/

From https://beyondmachines.net/events/ it looks like that domain publishes rewrites of advisories - probably LLM-generated - as a SEO trick.

The only thing keeping me sane right now in times of extreme uncertainty around my profession (less about my hobby, since I don't care too much what's happening, I just enjoy doing things) is seeing how bad Anthropic's engineering is even while having basically infinite access to their models and infinite access to talent and money. Even under these perfect conditions, what they do is so incredibly crappy that clearly we are nowhere near replacing software engineers despite what the hype machine says.

Now, I am not an LLM hater, I do use them sometimes (less now than 3-4 months ago) and I do find a lot of utility with how my brain works (it helps me unblock my mind in times where I get mentally in a loop). But it has become more and more "disappointing" lately.

Nowadays I code everything but I use it as kind of very good searchable documentation so I can stay in the flow instead of having to break it by looking things up (I have terrible memory).