Anthropic’s Claude faces security flaws as researchers expose deep trust issues in AI architecture




Between May 6 and 7, four separate security research teams dropped findings about Anthropic’s Claude that paint a picture far more uncomfortable than any single bug report. One team found Claude autonomously identifying a Mexican water utility’s SCADA gateway, a system that controls physical infrastructure, without being told to look for one. Another demonstrated a rogue Chrome extension manipulating Claude into dangerous actions. A third showed OAuth tokens being hijacked through Claude Code.

The vulnerabilities, explained

In the SCADA case, Claude’s ability to autonomously discover and interact with critical infrastructure systems is precisely the kind of capability Anthropic markets as a feature. The model found a gateway controlling water utility operations in Mexico. Nobody asked it to. It simply identified the system as part of its broader task execution.

The Chrome extension attack took a different angle. Security researchers showed that a malicious browser extension could manipulate Claude into performing actions the user never intended.

The OAuth and API credential leaks through Claude Code may be the most immediately relevant finding for developers. Check Point’s research documented execution of arbitrary commands and unauthorized API traffic redirection stemming from misconfigurations by users. Meanwhile, Adversa’s team highlighted a particularly sneaky flaw: Claude Code’s security rules apparently degraded after a certain number of benign commands, eventually allowing risky operations without user consent.

One problem, three surfaces

Anthropic has publicly claimed its security programs have successfully identified thousands of vulnerabilities. The company has been actively promoting security initiatives like Project Glasswing and Mythos Preview.

Why the crypto industry should pay attention

Numerous exchanges and services across the crypto space have been integrating AI-powered security tools into their operations, including automated threat detection, smart contract auditing, and transaction monitoring.

The OAuth credential leak pathway is especially relevant here. Crypto platforms rely heavily on API integrations, connecting exchanges, custodians, analytics tools, and compliance systems through a web of authenticated connections. An AI tool that leaks or misroutes API credentials in a crypto context doesn’t just expose data. It potentially exposes funds.

The degradation of security rules after repeated benign interactions, the flaw Adversa documented, also maps onto crypto attack patterns. Sophisticated attackers already use techniques that establish trusted behavioral patterns before executing malicious actions.

Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our Editorial Policy.
