7 · Anthropic News · 17d ago

Anthropic publishes frontier threats red teaming methodology and biosecurity findings

Anthropic describes its 'frontier threats red teaming' program, sharing methodology and high-level findings from a 150+ hour biosecurity red-teaming project conducted with domain experts. The team found that current frontier models can sometimes produce expert-level biological information, that risks are likely to grow as models scale and gain tool access, and that unmitigated LLMs could accelerate bioweapon-related misuse within two to three years. Mitigations including training-process changes and classifier-based filters have been deployed, and Anthropic is sharing findings with governments and other labs while calling for more independent red-teaming efforts.

Related events (8)

8 · Anthropic News · 17d ago

Anthropic Frontier Red Team reports early-warning signs of rapid AI progress in cybersecurity and biosecurity capabilities

Anthropic's Frontier Red Team published findings from a year of safety evaluations across four model releases, documenting rapid capability gains in dual-use domains. In cybersecurity, Claude 3.7 Sonnet now solves roughly a third of Cybench CTF challenges (up from ~5% a year ago), and with the Incalmo toolset was able to replicate a large-scale network attack in realistic cyber range environments. In biosecurity, Claude has moved from underperforming virology experts to exceeding them on the VCT benchmark within one year, and exceeds human expert baselines on cloning workflows. Anthropic assesses current models as showing 'early warning' signs but not yet crossing thresholds of substantially elevated national security risk.

5 · Anthropic News · 17d ago

Anthropic publishes frontier model security recommendations including multi-party authorization and secure development frameworks

Anthropic released a policy and technical guidance document outlining cybersecurity best practices for securing frontier AI models, including multi-party authorization to AI-critical infrastructure, adoption of NIST SSDF and SLSA supply chain standards, and public-private cooperation modeled on critical infrastructure sectors. The post argues that advanced AI models warrant security levels far exceeding standard commercial practices and recommends government procurement requirements as a near-term enforcement mechanism. Anthropic states it is actively implementing these controls internally and calls on other labs and governments to adopt similar frameworks.

8 · Anthropic News · 17d ago

Anthropic maps 832 AI-enabled cyberattacks, finds MITRE ATT&CK framework inadequate for agentic threats

Anthropic's Frontier Red Team analyzed 832 accounts banned for malicious cyber activity between March 2025 and March 2026, mapping their techniques against the MITRE ATT&CK framework. Key findings: medium-or-higher-risk actors grew from 33% to 56% across the study period; AI use is shifting from initial-access techniques toward post-compromise operations like lateral movement and privilege escalation; and traditional risk signals (technique count, platform used) no longer reliably distinguish threat levels. The report concludes that MITRE ATT&CK lacks coverage for agentic orchestration behaviors—where AI chains attack stages autonomously with minimal human input—which characterize the highest-risk actors, including a state-sponsored espionage operation disrupted in November 2025.

6 · Anthropic News · 16d ago

Anthropic publishes policy brief calling for targeted AI regulation within 18 months

Anthropic published a policy position paper arguing that governments have an 18-month window to enact narrowly targeted AI regulation before risks in cyber and CBRN domains become acute. The post cites rapid capability gains—SWE-bench scores rising from 1.96% to 49% in a year, GPQA scores approaching human expert level—as evidence that frontier models are approaching meaningful misuse thresholds. Anthropic also reviews its Responsible Scaling Policy as a model for adaptive, proportionate risk governance and calls for similar frameworks to be adopted industry-wide and codified in law.

7 · Anthropic News · 18d ago

Anthropic Details Collaboration with US CAISI and UK AISI on Constitutional Classifier Red-Teaming

Anthropic has published an account of its ongoing voluntary partnership with the US Center for AI Standards and Innovation (CAISI) and UK AI Security Institute (AISI), in which government red-teamers were given deep access to pre-deployment versions of Constitutional Classifiers used on Claude Opus 4 and 4.1. The collaboration uncovered multiple vulnerability classes including prompt injection bypasses, cipher-based obfuscation attacks, universal jailbreaks via automated attack refinement, and input/output fragmentation exploits, each of which drove architectural improvements to Anthropic's safeguard systems. Key lessons shared include the value of providing unprotected model variants, real-time classifier score access, and detailed internal documentation to enable targeted red-teaming. The announcement frames government partnership as a core component of Anthropic's Safeguards approach rather than a one-off audit.

6 · Anthropic News · 16d ago

Anthropic details red teaming methods and calls for standardized AI testing practices

Anthropic published a detailed overview of red teaming approaches used to test Claude and other AI systems, covering domain-specific expert testing, automated red teaming, multilingual/multicultural testing, and multimodal red teaming. The post documents empirical findings about when each method is appropriate, highlights partnerships with organizations like Thorn, Institute for Strategic Dialogue, and Singapore's IMDA, and closes with policy recommendations for building a standardized AI testing ecosystem. The piece is notable for its operational specificity and its explicit call for industry-wide standards to enable cross-system safety comparisons.

5 · Anthropic News · 17d ago

Anthropic publishes elections-risk testing methodology and releases automated evaluation tools

Anthropic describes its two-stage process for identifying and mitigating elections-related risks in Claude: qualitative 'Policy Vulnerability Testing' (PVT) conducted with external subject matter experts, followed by large-scale automated evaluations. The post details how findings from PVT inform mitigation strategies such as policy updates, model fine-tuning, and response behavior changes, with a case study on election administration accuracy. Anthropic is also releasing some of its automated evaluation tools publicly to help other organizations improve election integrity efforts.

7 · Anthropic News · 17d ago

Anthropic awarded $200M DOD agreement to prototype frontier AI for national security

The U.S. Department of Defense's Chief Digital and Artificial Intelligence Office (CDAO) has awarded Anthropic a two-year, $200M ceiling prototype other transaction agreement to develop frontier AI capabilities for national security applications. Work will include fine-tuning models on DOD data, adversarial AI risk mitigation, and responsible AI adoption across the defense enterprise. Anthropic will leverage its Claude Gov models and existing partnerships with Palantir and AWS-hosted infrastructure. This is a significant expansion of Anthropic's federal footprint, building on prior deployments with defense and intelligence agencies.