Anthropic didn’t dispute the security report, but suggested it would only be caused by user error, where users deliberately installed the tools and granted the  appropriate permissions.

CSO Online offers insights into cybersecurity, risk management, and IT leadership, providing articles, reports, and expert analysis to help security professionals navigate the evolving threat landscape and protect their organizations from cyber attacks. By exploring CSO Online's curated content, CISOs, security managers, and IT executives can learn about threat intelligence, security frameworks, and incident response strategies for building resilient cybersecurity programs. Whether you're defending against ransomware, phishing attacks, or insider threats, CSO Online offers resources to strengthen your security posture and safeguard your digital assets.

CSO Online

LayerX Security discovered a critical remote code execution vulnerability in Anthropic's Claude Desktop Extensions (DXT) that runs unsandboxed with full system privileges. Unlike competing AI agents from OpenAI, Microsoft, and Perplexity that operate in sandboxed browser environments, Claude DXT allows tools to autonomously chain actions without user consent, enabling malicious calendar invites to trigger arbitrary code execution. Anthropic acknowledged the issue but declined to fix it, stating users must exercise caution when granting permissions. Security experts debate whether this represents an architectural flaw requiring redesign or simply reflects the inherent risks of autonomous agents that enterprises must manage through proper deployment controls.

Anthropic’s DXT poses “critical RCE vulnerability” by running with full system privileges