Anthropic Archives

AppWizard

May 19, 2026

Google Unwraps Plans to Put AI to Work for Android, Web Developers

At the recent Google I/O event, Google introduced a suite of AI tools for Android and Chrome applications aimed at enhancing marketing and management for developers. In the Play Store, AI will assist in app discovery through Google’s Gemini and provide a Q&A interface for user inquiries. New AI-driven management tools for developers include creating app listings based on keyword insights, automating catalog management, analyzing payment issues, and offering retention incentives for users. Google also reduced Play Store charges for developers to a commission of 10% to 20%. For Android programmers, Google’s AI Studio offers coding assistance for specific app categories, while additional enhancements include a command-line interface guided by programming-assistant AIs and new marketing options. In Chrome, Google introduced a trial version of WebMCP for AI agents to connect with site APIs and expanded built-in AI tools for writing and debugging. New web-coding options are being tested to improve app-like interfaces and compatibility metrics. The “Immediate UI Mode” feature allows for a unified login interface to streamline passkey authentication.

Winsage

May 14, 2026

Microsoft pits more than 100 AI agents against each other to find Windows vulnerabilities

Microsoft has introduced MDASH (Multi-Model Agentic Scanning Harness), a security solution that uses over 100 specialized AI agents to identify software vulnerabilities. On May 12, 2026, MDASH identified 16 new vulnerabilities (CVEs) in the Windows networking and authentication stack, four of which were critical, including remote code execution vulnerabilities in tcpip.sys, ikeext.dll, netlogon.dll, and dnsapi.dll. Ten of these vulnerabilities can be accessed over the network without authentication. MDASH operates through a four-stage pipeline: analyzing source code, scrutinizing for suspicious elements, debating the exploitability of issues, and attempting to exploit vulnerabilities. The system is model-agnostic and allows integration of new models and domain-specific knowledge. MDASH scored 88.45 percent on the CyberGym benchmark, ranking first among competitors, although the comparison may not be entirely fair as it contrasts a comprehensive framework with individual models. The models used to achieve this score are not specified. MDASH is supported by Microsoft's Autonomous Code Security Team and is currently in a limited private preview for select customers.

Winsage

May 13, 2026

Microsoft’s MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday

Microsoft has introduced a multi-model AI system called MDASH, designed to enhance vulnerability discovery and remediation processes. Currently in limited private preview testing with select customers, MDASH employs over 100 specialized AI agents for various classes of vulnerabilities, enabling autonomous discovery, validation, and demonstration of exploitable defects in complex codebases. The system operates through a structured pipeline that analyzes source code, constructs threat models, and validates findings using auditor and debater agents. MDASH has successfully identified 16 vulnerabilities in its initial tests, including two critical flaws affecting Windows networking and authentication: 1. CVE-2026-33824 (CVSS score: 9.8) - A double-free vulnerability in "ikeext.dll" allowing remote code execution via specially crafted packets. 2. CVE-2026-33827 (CVSS score: 8.1) - A race condition vulnerability in Windows TCP/IP ("tcpip.sys") enabling remote code execution through specially crafted IPv6 packets.

AppWizard

May 8, 2026

Codex users have been begging OpenAI for this upgrade — and it’s finally in the works

OpenAI's Codex users have expressed a strong desire for enhanced functionality, particularly remote session control via ChatGPT on mobile devices, which is currently absent. Developers have voiced their frustrations on platforms like GitHub and Reddit, noting that competitors like Anthropic's Claude offer seamless remote access. Recent updates in version 1.2026.125 of the ChatGPT Android app suggest that the remote control feature for Codex is in development, with code indicating users will soon be able to access Codex on their desktops remotely, reconnect to sessions from mobile devices, and receive prompts for updates or restarts. The code also hints at functionalities like creating launcher shortcuts for Codex. While a fully operational preview is not yet available, early indications show that the integration of remote control for Codex is imminent. However, it is noted that an APK teardown provides insights into potential features, but there is no guarantee they will be included in a public release.

Winsage

May 1, 2026

Windows Weekly 981: Semi-Sophisticated

Leo, Richard, and Paul discussed developments in the Windows Insider Program, Snapdragon X2 gaming, artificial intelligence, and Xbox. Two changes in the Insider Program were noted. Microsoft has open-sourced early MS-DOS source code. Intel reported a .7 billion loss, which Paul attributes to 'collusion.' Microsoft and OpenAI are revising their partnership, with Microsoft 365 Copilot gaining enhanced AI features in Word, Excel, and PowerPoint, and GitHub Copilot moving to a usage-based billing model starting June 1. OpenAI is reportedly entering the mobile phone market, while Adobe's Firefly AI Assistant is in preview, and Anthropic is increasing its creator space involvement. Microsoft Gaming has rebranded to Xbox, with new leadership focused on future plans, including a mobile game store pending changes in Apple's policies. Valve will release its Steam Controller next week. A listener inquired about purchasing Windows 11 on Arm for Mac virtualization, leading to suggestions for cost-saving options. PowerToys 0.99 introduces new utilities and improvements. This week’s episode of RunAs Radio compares M365 Copilot and Claude Cowork. Reifel Rye is recommended as the brown liquor of the week.

Tech Optimizer

April 26, 2026

CanisterSprawl: pgserve Compromised on npm: Malicious Versions Harvest Credentials and Exfiltrate to a Decentralized ICP Canister

On April 21, 2026, compromised versions of pgserve (1.1.11, 1.1.12, and 1.1.13) were published on npm, containing a 1,143-line credential-harvesting script that executes during the postinstall phase of npm install. The malware functions as a supply-chain worm, reinjecting itself into other packages if it finds an npm publish token. Stolen credentials are encrypted using RSA-4096 and AES-256 and exfiltrated to a decentralized Internet Computer Protocol (ICP) canister. The last legitimate release was v1.1.10, published on April 17, 2026. The malware was detected by StepSecurity AI Package Analyst and Harden Runner, which flagged the compromised versions as Critical / Rejected and confirmed live exfiltration during analysis. The injected script performs operations such as harvesting environment variables, collecting filesystem secrets, encrypting payloads, and propagating to other npm packages and Python packages if a PyPI token is detected. The exfiltration domains have been added to a global block list.

Winsage

April 19, 2026

Microsoft confirms AI agents are still coming to the Windows 11 taskbar as it prepares for public rollout

Microsoft is integrating AI agents into the Windows 11 taskbar, allowing users to invoke these agents, including third-party options, directly from the taskbar. This feature will be optional and not enabled by default. The AI agents, such as Microsoft 365 Researcher, can operate autonomously to perform tasks like planning, researching, and executing actions without user intervention. Users can activate these agents by hovering over the Microsoft 365 Copilot icon on the taskbar. The Microsoft 365 Researcher can conduct complex research tasks and generate reports using files from OneDrive or Microsoft 365, but it requires a Microsoft 365 subscription to access. A new feature called ‘Ask Copilot’ may enhance the search experience by allowing users to tag and trigger agents using the “@” symbol. This functionality is supported by the Model Context Protocol (MCP), which connects AI models with applications and files. Developers can integrate their agents using the Windows.UI.Shell.Tasks API. Despite earlier statements about reducing AI in Windows 11, Microsoft is adopting a more selective approach to AI integration, ensuring that the use of taskbar agents remains optional and not intrusive. The company is phasing out Copilot branding in certain applications while maintaining AI capabilities in a streamlined manner.

Winsage

April 14, 2026

Google’s Spotlight-like desktop search bar for Windows is available for everyone

Google released a desktop application for Windows inspired by macOS's Spotlight feature, available globally in English for Windows 10 or newer. Users can activate the app using the Alt + Space shortcut, which allows searching web content, local files, and Google Drive. The app includes viewing options like All, Images, and AI Mode, and integrates Google Lens for enhanced search capabilities. It also supports screen sharing. There is speculation about potential expansion to macOS and Linux, with reports of a Gemini app being tested for macOS.

Tech Optimizer

April 13, 2026

Fake Claude site installs malware that gives attackers access to your computer

Claude, an AI tool developed by Anthropic, receives nearly 290 million web visits monthly and has become a target for cybercriminals. A fake website has been found that impersonates Claude, distributing a trojanized installer named Claude-Pro-windows-x64.zip. This installer, while appearing legitimate, deploys PlugX malware, granting attackers remote access to users' systems. The fraudulent site mimics the official download page and uses passive DNS records linked to commercial bulk-email platforms, indicating active maintenance by the operators. The ZIP file contains an MSI installer that incorrectly spells "Claude" as "Cluade" and creates a desktop shortcut that launches a VBScript dropper. This script runs the legitimate claude.exe while executing malicious activities in the background, including copying files to the Windows Startup folder to ensure persistence after reboot. The attack utilizes a DLL sideloading technique recognized by MITRE as T1574.002, where a legitimate G DATA antivirus updater is exploited with a malicious DLL. Within 22 seconds of execution, the malware establishes a connection to an IP address associated with Alibaba Cloud, indicating control over the compromised system. The dropper script also employs anti-forensic measures to delete itself and the VBScript after deployment. Indicators of compromise include the filenames Claude-Pro-windows-x64.zip, NOVUpdate.exe, avk.dll, and NOVUpdate.exe.dat, along with the network indicator 8.217.190.58:443 (TCP) as the command and control destination. Users are advised to download Claude only from the official site and to remain vigilant against potential compromises.

Winsage

April 10, 2026

Windows and Xbox rediscover user feedback and fans are wondering what took so long

Microsoft has shifted its focus to better address user needs, revitalizing its Xbox Series X|S consoles and re-engaging with the gaming community through initiatives like the global Xbox FanFest. The company is also working to improve its relationship with Windows users by acknowledging past criticisms and planning to reinstate Windows Insider meetups and prioritize user-requested features. Despite these efforts, skepticism remains among observers of Microsoft's trajectory. Microsoft's relationship with OpenAI is complicated, with CEO Satya Nadella expressing concerns about backlash against AI integration. The company has invested over a billion dollars in OpenAI for exclusive access to AI models but may pursue legal action against OpenAI due to its collaborations with other tech giants. Microsoft's AI and cloud businesses are facing scrutiny from investors, with concerns about profitability and the sustainability of Azure operations. Nearly half of U.S. data centers planned for 2026 are at risk of cancellation, complicating Microsoft's AI ambitions. OpenAI's path to profitability is expected to be long, with projections suggesting it may not turn a profit until 2030. The competitive landscape, including rivals like Anthropic and alternatives from China, adds uncertainty. Legal challenges may arise from OpenAI's agreements with other companies, potentially affecting Microsoft's interests. Nadella's reference to "societal permission" indicates an awareness of Microsoft's public image, which has suffered. Xbox has faced community engagement issues, and Windows 11 has experienced public relations challenges and a decline in innovation. The costs associated with AI have been substantial, impacting Microsoft's reputation and consumer trust.