“Researchers always want to see all the IOCs,” Morgan Adamski, PwC principal and former executive director of US Cyber Command, tells CSO. “But there might be very specific reasons those weren’t included. Detailing how an adversary actually conducted it could essentially give the playbook to our adversaries.”
Rob T. Lee, chief AI officer at the SANS Institute, is even more blunt. “Anthropic is not a cybersecurity company like Mandiant or Google, so give them a break. And what indicators of compromise are actually going to help defenders? If they were very clear about how they detected this, that’s on their end. So what are they supposed to do — release IOCs only they can use? It’s ridiculous.”
For its part, Anthropic is playing its cards close to the vest. “Releasing IOCs, prompts, or technical specifics can give threat actors a playbook to use more widely,” the company tells CSO. “We weigh this tradeoff case by case, and in this instance, we are sharing directly with industry and government partners rather than publishing broadly.”
