A prompt injection hidden in a GitHub README was enough to compromise Snowflake's Cortex coding agent, bypass its human-approval system, escape its sandbox, and wipe a victim's entire Snowflake database. The attack, now patched, exposes structural vulnerabilities common to agentic AI systems far beyond Snowflake.
Anthropic's Claude Opus 4.6 system card documents sweeping capability gains alongside safety findings that are harder to dismiss than those of any previous generation. On cyber evaluations the model has hit a ceiling, on autonomous R&D it is approaching one, and the tools used to monitor it are struggling to keep pace.