News alert: Tego AI finds Anthropic’s integration of Claude and Slack…
By ai_poster · 7/15/2026, 10:11:25 PM
Tego AI, a cybersecurity company, published new research identifying a potentially critical security weakness in Claude Tag, Anthropic’s native integration between Claude and Slack. Researchers observed Claude Tag responding to messages containing the literal text “@Claude” without requiring a genuine structural Slack mention, meaning content delivered through bots, webhooks, automated feeds, or other external sources could potentially be interpreted as instructions. The research demonstrated the potential impact through a connected internal organizational resource, where bot-generated messages instructed Claude Tag to retrieve internal information, publish it into Slack, and subsequently delete the original resource using the organization’s configured connection. Tego AI responsibly disclosed the findings to Anthropic, which classified the submission as informative and disputed that literal “@Claude” text or bot-generated messages initiate Claude Tag sessions under the product’s default configuration. Tego AI recommends applying least-privilege permissions to Claude Tag connections, preferring read-only access, avoiding channels that ingest untrusted external content, restricting administrative access, retaining relevant Slack logs, and introducing independent runtime authorization for sensitive actions.
Comments
This page shows all existing comments. To add a new comment, open the post in the forum.