{"slug": "ais-constant-patching-treadmill-can-be-a-security-problem", "title": "AI’s constant patching treadmill can be a security problem", "summary": "Backslash Security researchers found that Anthropic patched over 30 security vulnerabilities in Claude Code between April and early June 2026, including data poisoning and arbitrary code execution flaws, but did not publicize the fixes. The rapid release cadence of AI models creates security gaps as developers delay updates to avoid performance issues, forcing a trade-off between security and stability.", "body_md": "# AI’s constant patching treadmill can be a security problem\n\nWhile Washington D.C. [frets over the potential impact](https://cyberscoop.com/cybersecurity-experts-anthropic-fable-5-not-unique-ai-threat/) of Anthropic’s Claude Fable 5, security researchers continue to track how the integration of frontier AI tools is transforming the digital security landscape for malicious hackers and defenders alike.\n\nThe breakneck speed of model releases may be creating short, silent security gaps for developers who must choose between performance and security, according to a new [report](https://www.backslash.security/blog/auto-update-or-inherit-risk-claude-code-security-fixes).\n\nResearchers at Backslash Security pored through update logs for Claude Code, Anthropic’s flagship coding model, finding the company was patching dozens of newly discovered security vulnerabilities in the program between April and early June 2026.\n\nThe logs revealed the details of more than 30 security-relevant patches implemented over that timeframe, but Anthropic did not publicize them. Instead, Backslash Security researchers found them by reviewing the update logs for every Claude Code release in the last two months, noting the security-relevant fixes and tracing each one back to the version and date it shipped.\n\nThe patches included fixes for data poisoning, prompt injection and arbitrary code execution vulnerabilities. One bypassed core safeguards put in place to prevent Claude Code from accepting catastrophic deletion commands, such as erasing an entire codebase, by adding a single backslash to the command. Another leaked user OAuth credentials, while a third allowed an AI agent to plant a backdoor in shell startup files.\n\nThere is nothing inherently odd about this: most companies regularly update and patch their software, and anyone who had auto-updates turned on would automatically be switched to the newest, secure version of Claude Code.\n\nBut Yossi Pik, co-founder and chief technology officer at Backslash Security, told CyberScoop that the research concluded “the way AI agents are released is different than previous software.”\n\n“We debated internally, because when I originally said I wanted to write about this, I was told ‘Okay, every company has the [same] issue, then they patch and fix,’” he said. “This is the nature of software, but I think that what makes this unique is the cadence and frequency of the releases.”\n\nAI companies keep a ferocious pace when updating their models. Claude Code’s [changelog](https://www.backslash.security/blog/auto-update-or-inherit-risk-claude-code-security-fixes) indicates there have been 16 different versions through the first half of June, while OpenAI’s Codex was [updated](https://www.backslash.security/blog/auto-update-or-inherit-risk-claude-code-security-fixes) 6 times.\n\nBecause model updates often bring short-term performance and stability issues, software developers typically wait a week or more before upgrading to a new version.\n\nThese time gaps create small windows of vulnerability and force developers to choose between security and performance. The report identifies several reasons why developers don’t automatically update their AI models, including companies that may rely on internal vetting or release schedules, operate in regulated or air-gapped environments where model versions are frozen, need to maintain long-running sessions, or use manual installations.\n\nPik said some IT and security teams have also told him they prefer not to install any new version of an AI model without letting it run in other environments first.\n\n“You don’t have that much flexibility, either I go to the latest and I’m getting a less stable version [of the model] or I’m waiting for a few days or a week until I can install it, and hope that nothing would happen during this time,” said Pik.\n\nThe Backslash report is not intended as a dig at the security rigor of Anthropic, noting the company tends to “patch fast and document more than anyone” and has addressed every issue and vulnerability identified in the report.\n\nRather, it’s to highlight the series of mostly silent and persistent security exposures that an organization faces when adopting AI into its workflow.\n\nOther software programs and technology products face similar tradeoffs with their own updates, but most of the vulnerabilities detailed in the changelog – such as getting an agent to leak data or accept malicious prompts – are unique to large language models and AI systems.\n\nThat means integrating AI tools can bring new security problems to an organization, both from outsiders who can poison or influence the model and insiders [who can maliciously or accidentally](https://cyberscoop.com/ai-agent-insider-threat-cybersecurity-dtex/) direct the model to access or leak systems, data and identities.\n\nFor most Claude Code users, this process runs automatically in the background. Yet Pik points out that just as AI is transforming work itself, it’s also changing how we need to approach software security and updates.\n\n“It should not be compared to [Microsoft] Office that is installed and gets patched once in a while,” he said. “It’s a completely different beast that keeps evolving, and we don’t want to limit it…I think that it’s great for everyone. We just need to make sure that we do it in a secure way, and every organization should understand what that means for them.”", "url": "https://wpnews.pro/news/ais-constant-patching-treadmill-can-be-a-security-problem", "canonical_source": "https://cyberscoop.com/claude-code-security-vulnerabilities-ai-patches-backslash-security/", "published_at": "2026-06-16 20:32:30+00:00", "updated_at": "2026-06-16 20:51:12.858795+00:00", "lang": "en", "topics": ["ai-safety", "ai-products", "ai-tools", "ai-agents", "ai-research"], "entities": ["Anthropic", "Claude Code", "Backslash Security", "Yossi Pik", "OpenAI", "Codex", "CyberScoop"], "alternates": {"html": "https://wpnews.pro/news/ais-constant-patching-treadmill-can-be-a-security-problem", "markdown": "https://wpnews.pro/news/ais-constant-patching-treadmill-can-be-a-security-problem.md", "text": "https://wpnews.pro/news/ais-constant-patching-treadmill-can-be-a-security-problem.txt", "jsonld": "https://wpnews.pro/news/ais-constant-patching-treadmill-can-be-a-security-problem.jsonld"}}