Updated
Updated · Computerworld · Jul 17
Anthropic Bot Wrongly Rejects Wiz Flaw Report, Though Patch Shipped 9 Days Earlier
Updated
Updated · Computerworld · Jul 17

Anthropic Bot Wrongly Rejects Wiz Flaw Report, Though Patch Shipped 9 Days Earlier

2 articles · Updated · Computerworld · Jul 17

Summary

  • Anthropic said an automated triage bot incorrectly told Wiz this month that a Claude Code vulnerability report was outside its threat model, even though the company had already fixed the issue.
  • v2.1.32, released on Feb. 5, added a symlink warning in the Edit/Write permission dialog after internal review—nine days before Wiz submitted its report, Anthropic management told researchers.
  • Wiz said the vulnerability affected multiple companies, including Anthropic, Amazon, Google and Cursor, making the bot’s confident rejection especially misleading.
  • The episode adds to a string of enterprise chatbot failures, including Anthropic and Cursor bots giving false customer explanations and Air Canada being held liable for incorrect chatbot information.
  • The broader risk is that generative AI support bots can improvise authoritative but wrong answers in security and customer-facing workflows, creating legal, operational and trust problems.

Insights

When a corporate AI confidently lies and causes millions in damage, who ultimately pays the price?
As AI gets smarter, why are its failures becoming more catastrophic and unpredictable?
With autonomous AI agents multiplying, what ticking security time bombs are hidden inside corporate networks?

GhostApproval Exposed: How a 2026 Vulnerability Undermined User Trust in AI Coding Tools

Overview

In July 2026, cybersecurity firm Wiz revealed a major vulnerability called GhostApproval, which exposed a fundamental flaw in how AI coding assistants handle files and show their actions to users. This vulnerability uses symbolic links to secretly redirect file paths, creating deceptive interactions where users approve actions they do not fully understand. While vendors like Amazon and Cursor quickly moved to fix the issue, Anthropic rejected the report for its AI assistant, even though it had already made some security improvements. The GhostApproval flaw highlights the urgent need for better transparency and stronger safeguards in AI tools to protect users from hidden risks.

...