Is Anthropic a PR Firm and an AI Outfit?
April 21, 2026
Another dinobaby post. No AI unless it is an image. This dinobaby is not Grandma Moses, just Grandpa Arnold. Did you know that the freedom loving cyclist at BearBlog thinks my essays are generated by AI. Censorship is okay, right?
On April 9, 2026, I posted “Anthropic: A PR Buzz Champion.” My point was that Anthropic’s play to show that its AI was wonderfully capable. The idea was that the next release of Claude wearing its fragile glass wings and a name badge with the word “Mythos” emblazoned on it would revolutionize cyber security. I viewed the glass wing thing as a PR play. Any other AI in the hands of semi competent security professional with knowledge of coding could find “bugs” too.
I have to give Anthropic credit. It converted its black listing into a White House meeting. Plus, it suggested that a select group of big tech companies could work together to make the digital world one of white clouds, azure skies, sparkling brooks, and friendly birds.
How do you think Anthropic reacts when a security type thinker exposes Anthropic’s own flaws? [a] Thanks the person and enlists that individual’s help to remediate the problem. [b] Ignores the security related information and returns to the mundane business of creating a sustainable revenue stream, [c] Pays another security firm to validate the first person’s disclosure and assembles a team to address what the two researchers identify as the core problem, [d] Explains that the security flaw is not a flaw; it is a feature.
Miss Anthropic, a spokesperson for the AI confectionary, explains that the taste of her treats is intentional. Thanks, Venice.ai. Do you know who Nelly Dean in Wuthering Heights is? But good enough.
If the information in “‘This Is Not a Traditional Coding Error’: Experts Flag Potentially Critical Security Issues at the Heart of Anthropic’s MCP, Exposes 150 Million Downloads and Thousands of Servers to Complete Takeover” is accurate, the correct answer is [d] Explains that the security flaw is not a flaw; it is a feature.
That article says:
Anthropic says it sees no issues… In its findings, Ox researchers Moshe Siman Tov Bustan, Mustafa Naamnih, Nir Zadok, and Roni Bar, said that what they found in MCP was not a “traditional coding error”, but an “architectural design decision baked into Anthropic’s official MCP SDKs across every supported programming language, including Python, TypeScript, Java, and Rust.” Any developer building on the Anthropic MCP foundation unknowingly inherits this exposure,” they warned. Ox said the flaw can be triggered in different ways, from unauthenticated UI injection, to hardening bypasses in “protected environments”; and from zero-click prompt injection in leading AI IDEs, to malicious marketplace distributions.
The basic idea is that Anthropic’s AI has a bad heart valve. This may be the reason that the Anthropic brain cannot compute the fact that its security situation is as dire as those the company mined for PR gold. The cited article stated:
The researchers said more than 7,000 publicly accessible servers and up to 200,000 instances are now vulnerable. So far, they’ve issued 10 CVEs and helped remedy the bugs. “However, the root cause remains unaddressed at the protocol level.”
Let me be clear. BAIT (big AI tech) outfits not only share a common approach hooked to Google’s “Attention Is All You Need” paper, these companies are not exactly what they seem to be. Google and Meta have non-AI revenue streams. Most of the other BAIT outfits don’t. The revenue stream each has may not be sustainable.
But the common thread that binds these firms together is the attitude best expressed in this statement I love to quote, “Senator, thank you for the question…” Yeah, upfront, sincere, and totally ethically credible.
Stephen E Arnold, April 21, 2026
Comments
Got something to say?
-
- Subscribe to Beyond Search
Feature archive
News archive
-
