It’s past time to end AI
An automated chatbot working for Anthropic this month shot down a Wiz researcher’s security hole report, saying that it “falls outside of the Claude Code threat model.” That was news to the security researchers at Wiz.
It also turned out to be news to Anthropic execs, who had a very different view.
In reality, Anthropic was one of many victims of the hole — including Amazon, Google and Cursor, among others. But what makes the incident so bizarre is that, far from dismissing the threat, Anthropic had detected it before the security researchers and had even patched it before the researchers alerted them.
As these AI bots are wont to do, the bot didn’t merely reject the request. It confidently explained its rationale, even though its reasoning was wrong.
“This falls outside our current threat model,” the chatbot said, according to a report by Wiz. “When the user first starts Claude Code in a directory, they must confirm that they trust the directory prior to starting the session. The scenario you describe involves a user explicitly confirming a permission prompt inside of a directory containing a malicious symlink, which falls outside of the Claude Code threat model.”
That researchers said Anthropic management later clarified the situation: “The symlink warning in the Edit/Write permission dialog shipped in v2.1.32 (Feb 5, 2026), nine days before this report was submitted to us. It was added as part of proactive security hardening based on internal review. The decline to comment was an autoreply from our triage system.”
An autoreply from our triage system? How many other make-believe replies did this system send? And what level of damage is Anthropic exposing itself to?
This is not just an Anthropic issue. There have been numerous enterprise bot glitches in communications with customers. Some of my favorites include:
Let’s be clear, here: Bots should be limited to relaying only pre-approved scripts.
Generative AI allows for far greater chatbot sophistication, but that also means the chance of far greater errors. This is untenable in any business function. And when the app is pretending to be a human — and interacting with human customers — it’s even more unacceptable.
Related Stories
AI News
Apple regains top spot as world’s most valuable company
1 minute ago
AI News
Amazon’s Zoox recalls self
1 minute ago
AI News
Machine learning for next
1 minute ago
AI News
SHANGHAI, China
2 minutes ago
AI News
China's Moonshot AI claims Kimi K3 can rival OpenAI and Anthropic
2 minutes ago
AI News
Apple unseats Nvidia to become world’s most valuable company as AI bets shift
2 minutes ago
AI News
A Brazilian bay’s surprise shark nursery sparks conservation project
49 minutes ago
AI News
Ford government pushed looser rules for MPP hotel benefit it now plans to reverse
49 minutes ago