Anthropic’s business strategy emphasizes rigorous safety and value alignment
Anthropic’s team met church leaders to build ethical thinking into the machine so that it is able to adapt dynamically, and hosted about 15 Christian leaders from Catholic and Protestant churches, academia, and the business world for a two-day summit.
Claude seemed ethical, cautious and somehow more “human” than any other AI when Anthropic released Claude’s Constitution.
As per reports, leaders have suggested that tools like chatbots already raise profound philosophical and moral questions, a view that many in the tech space say lacks evidence to back it up.
Anthropic chief executive Dario Amodei has said he is open to the idea that Claude may already have some form of consciousness, and company leaders frequently talk about the need to give it a moral character.
Anthropic staff are now seeking advice on how to steer Claude’s moral and spiritual development as the chatbot reacts to complex and unpredictable ethical queries. As per reports, the discussions covered how the chatbot should respond to users who are grieving loved ones and whether Claude could be considered a “child of God.”
Anthropic’s positioning of Claude
Anthropic positions Claude as the safer choice for enterprises: its approach is “Constitutional AI”, and it includes products like Claude Code that are popular with enterprises. But how far is AI ethics followed as a practice?
Claude is focused on automating coding and research tasks while ensuring AI rollouts don’t risk company operations, and the constitution acts as the core guide during Claude’s training and reasoning process.
This assisted the model in navigating tricky situations while staying aligned with Anthropic’s goals.
The meeting with church leaders is a strategy to place Anthropic in a secure position, wherein adapting to ethical AI will strengthen customer trust.
Maybe such a step will be reflected in a trend towards integrating broader ethical questions into technology in the near future. We may someday see a set of templates for AI ethics integration across industries and enterprises.
Integrating complex Human Values in AI
One question that arises is why meet church leaders. Is it to deeply understand the moral and spiritual dimensions of AI?
Will we witness a significant step in having AI systems that have complex human values and ethical decision‑making capabilities?
Or is it that complex regulations make such initiatives necessary to re-evaluate AI policies and standards?
The participants, comprising leading Christian theologians and scholars, explored how certain virtues like honesty, wisdom and humility could be dynamically integrated into Claude’s framework.
Maybe the step taken by Anthropic is paving the way for society to view AI differently: not as a functional tool, but as something that in future we can trust like companions or advisors who are spiritual and ethical.
A recently disclosed issue in Microsoft 365 Copilot caused the AI assistant to summarize confidential emails despite sensitivity labels and Data Loss Prevention (DLP) policies being configured.
The bug, tracked under CW1226324, allowed Copilot’s “Work Tab” chat feature to process and summarize emails from Sent Items and Draft folders, even when those emails carried confidentiality labels designed to restrict automated access.
Microsoft findings
Microsoft’s investigation revealed a code-level defect as the root cause. The flaw allows Copilot to inadvertently pick up items stored in users’ Sent Items and Draft folders, bypassing the confidentiality labels applied to those messages.
Although Microsoft categorized the issue as an advisory with potentially limited scope, the incident raises significant concerns regarding AI governance, trust boundaries, and enterprise data protection controls.
As per CSN the flaw allows Copilot to inadvertently pick up items stored in users’ Sent Items and Draft folders, ignoring the confidentiality labels applied to those messages.
Vulnerability Details
The issue happened because of an internal coding mistake in Microsoft 365 Copilot’s Work Tab chat feature. Due to this error, Copilot was able to access emails stored in Sent and Draft folders, even if they were marked as confidential.
In normal conditions, sensitivity labels and DLP policies should block automated tools from processing such emails.
However, because of this flaw, Copilot treated those protected emails as regular content and created summaries from them until Microsoft began deploying a fix in February 2026.
Attack Flow
Step: Description
Configuration: Organization applies confidentiality labels and DLP policies to sensitive emails.
Storage: Emails are stored in Sent Items or Draft folders.
Trigger: User interacts with Copilot “Work Tab” Chat.
Processing: Due to the code bug, Copilot accesses labeled emails.
Exposure: Copilot generates summaries of confidential content, bypassing expected DLP enforcement.
Source: 0din
Why It’s Effective
DLP Control Bypass: AI processing occurred despite policy enforcement.
Trust Boundary Violation: Copilot acted as a privileged internal processor without honoring classification restrictions.
Compliance Risk: Potential regulatory implications under GDPR, HIPAA, ISO 27001, and industry frameworks.
AI Governance Gap: Demonstrates that AI systems must be independently validated against traditional security controls.
Broader Implications
This issue shows that AI tools inside business software can sometimes ignore security rules, even when protection like DLP and sensitivity labels are properly set. It proves that AI systems can create new risk areas that traditional security controls may not fully cover.
As more companies use AI assistants in daily work, security teams must regularly test and monitor how AI handles sensitive data. AI should be treated like a powerful internal system that needs strict oversight, not just a simple productivity feature.
Remediation:
Microsoft has initiated a fix rollout and is monitoring deployment progress. However, organizations should take proactive measures:
Validate that sensitivity labels are now properly enforced with Copilot.
Audit Copilot usage logs and AI interaction history.
Re-test DLP enforcement across Sent and Draft folders.
Update AI governance documentation and risk registers.
Conduct tabletop exercises covering AI-driven data exposure scenarios.
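One way to carry out the log audit step above, as an added example that is not Microsoft tooling or part of the original post: the script scans Copilot interaction records for labeled mail in Sent Items or Drafts that the assistant read. The JSON field names, label names, cut-off date and records are constructed for illustration and must be mapped onto the fields of your real audit export.

```python
import json
from datetime import datetime, timezone

# Constructed sample export, one JSON record per line, in a simplified
# hypothetical schema (NOT Microsoft's audit schema). The fourth line is
# deliberately malformed to exercise the parser.
SAMPLE_LOG = """
{"time": "2026-01-20T09:14:02Z", "user": "alice@example.com", "resources": [{"type": "email", "folder": "Sent Items", "label": "Confidential"}]}
{"time": "2026-01-21T11:02:40Z", "user": "bob@example.com", "resources": [{"type": "email", "folder": "Inbox", "label": "Confidential"}]}
{"time": "2026-01-22T15:30:11Z", "user": "carol@example.com", "resources": [{"type": "email", "folder": "Drafts", "label": null}]}
{"time": "2026-01-23T08:00:00Z", "user": "truncated
{"time": "2026-03-05T10:45:09Z", "user": "dave@example.com", "resources": [{"type": "email", "folder": "Drafts", "label": "Highly Confidential"}]}
"""

RESTRICTED_LABELS = {"confidential", "highly confidential"}  # assumption: your label names
AFFECTED_FOLDERS = {"sent items", "drafts"}                  # folders named in the advisory
# Constructed date: the day your own re-test showed labels being enforced.
FIX_VERIFIED_AT = datetime(2026, 3, 1, tzinfo=timezone.utc)


def parse_records(text):
    """Return (records, skipped): parsed JSON lines and the count of bad lines."""
    records, skipped = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            skipped += 1  # report these; a silent gap hides exposure
    return records, skipped


def find_label_bypass(records, fix_verified_at=None):
    """Flag interactions where labeled mail in an affected folder was read."""
    findings = []
    for rec in records:
        when = datetime.fromisoformat(rec["time"].replace("Z", "+00:00"))
        for res in rec.get("resources", []):
            if res.get("type") != "email":
                continue
            label = (res.get("label") or "").lower()
            folder = (res.get("folder") or "").lower()
            if label in RESTRICTED_LABELS and folder in AFFECTED_FOLDERS:
                findings.append({
                    "time": rec["time"],
                    "user": rec["user"],
                    "folder": res["folder"],
                    "label": res["label"],
                    # True means the control failed after you believed it fixed.
                    "after_fix": fix_verified_at is not None and when >= fix_verified_at,
                })
    return findings


if __name__ == "__main__":
    recs, bad = parse_records(SAMPLE_LOG)
    print(f"{len(recs)} records parsed, {bad} unreadable")
    for f in find_label_bypass(recs, FIX_VERIFIED_AT):
        tag = "REGRESSION" if f["after_fix"] else "exposure window"
        print(f'{f["time"]} {f["user"]} {f["folder"]} [{f["label"]}] {tag}')
```

Findings dated before the verification date size the historical exposure; any finding after it means the fix is not holding in your tenant.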
Conclusion: This incident highlights that AI integrations can introduce unexpected security gaps, even in well-configured enterprise environments. Organizations cannot assume that existing security controls will automatically work the same way with AI-powered features.
As AI adoption increases, companies must strengthen AI governance, continuously validate security policies, and monitor AI behavior just like any other critical system. Proactive testing and oversight are essential to prevent future data exposure risks.
The bypassing of DLP policies by AI-aided assistants signals a huge security gap that needs to be addressed at the enterprise level, as the risk of AI tools taking over enterprise security posture cannot be underestimated.
The purpose of any phishing scam is to trick unsuspecting victims or organizations into taking a specific action, which can range from clicking on malicious links and downloading harmful files to sharing login credentials. Sometimes the effectiveness of phishing attacks stems from their use of social engineering techniques that exploit human psychology or behavior. In 2025 we have witnessed how evolving phishing scams have affected organizations financially.
Phishing scams often create a sense of urgency or curiosity, prompting victims to act quickly without verifying the authenticity of the incoming request. With evolving technology, phishing tactics are also evolving, making these attacks increasingly sophisticated and hard to detect. In the coming years we will witness how AI will power more phishing attacks, from text-based impersonations to deepfake communications. These will be cheaper and more popular with threat actors.
Cyber security researchers found a link between ransomware, malware and form encryption. A survey by Statista found that ransomware infections were caused by:
54% Phishing
27% Poor user practices / gullibility
26% Lack of cybersecurity training
14% Malicious websites
In this blog we will highlight the latest phishing statistics that emerged in 2025 affecting organizations, and how phishing scams are changing.
The APWG report counts unique phishing sites. This is a primary measure of reported phishing across the globe, determined by the unique bases of phishing URLs found in phishing emails reported to APWG’s repository.
In the first quarter of 2025, APWG observed 1,003,924 phishing attacks. This was the largest quarterly total since 1.07 million were observed in Q4 2023. The number has climbed steadily over the last year: from 877,536 in Q2 2024, to 932,923 in Q3, to 989,123 in Q4. One of the reasons cited is that advances in AI are also making it easier for criminals to create convincing and personalized phishing lures.
Hoxhunt finds alarming statistics on phishing-related attacks in 2025
Business email compromise (BEC)
A staggering 64% of businesses report facing BEC attacks in 2024, with a typical financial loss averaging $150,000 per incident. These phishing attacks frequently target employees with access to financial systems, mimicking executives or trusted contacts.
Credential phishing
Around 80% of phishing campaigns aim to steal credentials, particularly targeting cloud-based services like Microsoft 365 and Google Workspace. With the growing reliance on cloud platforms, cyber attackers leverage realistic fake login pages to deceive users.
HTTPS phishing
An increasing number of phishing sites now use HTTPS to appear legitimate. In 2024, approximately 80% of phishing websites feature HTTPS, complicating detection for users.
Voice phishing (vishing)
Vishing attacks are growing in prevalence, with 30% of organizations reporting instances where threat actors used fake calls to impersonate officials or executives.
Quishing (QR code phishing)
QR code phishing attacks (quishing) increased by 25% year-over-year, as attackers exploit physical spaces like posters or fake business cards to lure victims.
AI-driven attacks
AI is powering phishing attacks, with deepfake impersonations increasing by 15% in the last year. These attacks often target high-value individuals in finance and HR.
Multi-channel phishing
Attackers are increasingly exploiting platforms like Slack, Teams, and social media. Around 40% of phishing campaigns now extend beyond email, reflecting a shift to these channels.
Government agency impersonation
Phishing emails mimicking government bodies such as the IRS or international tax agencies have increased by 35%. These often involve claims about overdue taxes or fines.
Phishing kits
The availability of ready-to-use phishing kits on the dark web has risen by 50%, enabling less sophisticated attackers to deploy high-quality phishing schemes.
Brand impersonation
Attackers frequently impersonate well-known brands like Microsoft, Amazon, and Facebook, leveraging user trust. For example, over 44,750 phishing attacks specifically targeted Facebook by embedding its name in domains and subdomains over the past year.
Cost of Phishing attacks
According to the 2024 IBM / Ponemon Cost of a Data Breach study, the average annual cost of phishing rose by nearly 10% from 2024 to 2023, from $4.45m to $4.88m. That’s the biggest jump since the pandemic.
The IBM study reported the following costs:
Phishing breaches: $4.88M
Social engineering: $4.77M
BEC: $4.67M
The above-listed categories of cyber security breach costs are all related to people-targeted attacks. BEC, social engineering, and stolen credentials often contain a phishing element.
Barracuda research found that email remains the common attack vector for cyber threats and highlighted these key findings:
1 in 4 email messages are malicious or unwanted spam.
83% of malicious Microsoft 365 documents contain QR codes that lead to phishing websites.
20% of companies experience at least one account takeover (ATO) incident each month.
Nearly one-quarter of all HTML attachments are malicious and more than three-quarters of companies are not actively preventing spoofed emails.
Bitcoin sextortion scams, an emerging trend, account for 12% of malicious PDF attachments.
Nearly half of all companies have not configured a DMARC policy, putting them at risk of email spoofing, phishing attacks, and business email compromise.
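The DMARC gap in the last finding can be checked per domain. The following added example (not from Barracuda or the original post) parses a DMARC TXT record and grades its policy using the tag syntax of RFC 7489; the grade names and sample records are constructed, and in practice the input is the TXT record published at _dmarc.<domain>.

```python
VALID_POLICIES = {"none", "quarantine", "reject"}


def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict, or None if it is not DMARC."""
    parts = [p.strip() for p in txt.strip().strip('"').split(";") if p.strip()]
    # RFC 7489: the version tag must come first and match "DMARC1" exactly.
    if not parts or "".join(parts[0].split()) != "v=DMARC1":
        return None
    tags = {}
    for part in parts[1:]:
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags


def grade_dmarc(txt):
    """Return (grade, reasons). Grades are labels chosen for this example."""
    if not txt:
        return "missing", ["no DMARC record published"]
    tags = parse_dmarc(txt)
    if tags is None:
        return "invalid", ["record does not start with v=DMARC1"]
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        return "invalid", ["p= tag is missing or not none/quarantine/reject"]

    reasons = []
    if "rua" not in tags:
        reasons.append("no rua= address, so no aggregate reports are received")
    if policy == "none":
        reasons.append("p=none only monitors; spoofed mail is still delivered")
        return "monitor-only", reasons

    grade = "enforcing"
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        reasons.append(f"pct={pct}: policy applies to only part of failing mail")
        grade = "partial"
    if tags.get("sp", policy).lower() == "none":
        reasons.append("sp=none leaves subdomains open to spoofing")
        grade = "partial"
    return grade, reasons


# Constructed sample records keyed by hypothetical domains.
SAMPLE_RECORDS = {
    "no-record.example": None,
    "monitor.example": "v=DMARC1; p=none; rua=mailto:dmarc@monitor.example",
    "rollout.example": "v=DMARC1; p=quarantine; pct=25",
    "strict.example": "v=DMARC1; p=reject; pct=100; rua=mailto:dmarc@strict.example",
    "wrong-txt.example": "v=spf1 include:_spf.example.com ~all",
}

if __name__ == "__main__":
    for domain, record in SAMPLE_RECORDS.items():
        grade, reasons = grade_dmarc(record)
        print(f"{domain:20} {grade:13} {'; '.join(reasons)}")
```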
The Barracuda research also found that one in four emails is either malicious or unwanted spam and that malicious attachments are prevalent across various file types.
An alarming 87% of binaries detected were malicious, highlighting the need for strict policies against executable files being sent via email, since they can directly install malware. Despite a relatively low total volume, HTML files have a high malicious rate of 23% and are often used for phishing and credential theft.
The research says that small businesses are more vulnerable to email threats due to limited cybersecurity resources, smaller IT teams and reliance on basic email security solutions. Small businesses may not have the solutions required to handle sophisticated attacks, such as business email compromise (BEC), phishing and ransomware.
How Organizations can strengthen their defense
As organizations set out to strengthen their defenses, it’s crucial they don’t overlook the human element and cybersecurity hygiene. That definitely starts with identifying security at every step, beginning with ensuring that every user, machine or system has the right access privileges.
Cybersecurity is as much a cultural issue as it is a technical one. As a single click can compromise an entire organization, behavior starts to shift from compliance to accountability.
Whenever there is a successful phishing attack, researchers emphasize that this attack succeeds by exploiting human trust and familiarity with corporate communication formats. Security awareness remains the most vigorous defense as the growing complexity of these campaigns indicates that phishing operations are increasingly automated, data-driven and adaptive.
Conclusion: As organizations move towards adopting AI, attackers too are continuously refining their tactics to evade traditional security measures. In this scenario organizations must mitigate the risks by adopting a multi-layered approach to email security. This will include everything from leveraging AI-driven threat detection to real-time monitoring and user awareness training.
Phishing Detection & DeepPhish
Unlike traditional rule-based phishing detection, which relies on blacklists and predefined rules, DeepPhish continuously learns from new phishing attempts, making it highly adaptive and effective against evolving threats.
DeepPhish employs a multi-layered AI approach to detect phishing threats. These layers include email and website analysis, which uses ML algorithms to analyze historical phishing attacks and identify new patterns, and NLP, which helps DeepPhish analyze the email content, message tone, and linguistic patterns that phishers use to trick users.
Encryption is often taken as the last line of defense, and organizations are using encryption to secure their data. Understanding and adopting the latest encryption technologies is crucial for keeping data secure. In the current scenario, when attackers are equally equipped with the latest technologies, companies can strengthen their cybersecurity strategies and continue to adopt encryption as their last line of defense. When organizations enhance their encryption practices today, they can protect their digital assets for the future.
As cyber attacks evolve, so does encryption. Numerous key developments will shape the future of cybersecurity. Once inside the network, cyber criminals can easily view and steal sensitive data. If that data is encrypted, they have no way of accessing it without a decryption key, saving the data from being compromised.
For example, the continuous evolution of quantum computing presents challenges and opportunities for encryption. Quantum-resistant algorithms must increase in speed to enhance security against quantum attacks.
The FinWise Data Breach: a Stark Example
On May 31, 2024, an ex-employee accessed FinWise Bank’s systems after leaving the company and leaked sensitive personal information belonging to 689,000 customers of American First Finance (AFF). Even more alarming, this unauthorized access went undetected for more than a year before being discovered by the bank on June 18, 2025.
The FinWise data breach revealed lapses such as the time gap between the initial breach and its discovery. The bank learned of the incident and notified affected customers in June 2025, which was over a year after the breach occurred. This was a huge time gap, and lawsuits allege that the stolen data may not have been adequately encrypted and secured, causing public criticism and concern.
Security experts emphasize that a well-designed information protection framework must not only encrypt critical financial data but also proactively detect and prevent abnormal access attempts.
Quantum computing & Encryption
Organizations that rely on encryption to keep their critical business communications and data safe are secure for now. But as per RAND, experts expect quantum computers capable of breaking today’s encryption standards to arrive by the 2030s.
In the latest update, the Federal Trade Commission (FTC) has sent letters to major tech companies in the United States, urging them to resist foreign governments’ demands to weaken encryption.
The letters were sent by FTC Chairman Andrew Ferguson to Akamai, Alphabet (Google), Amazon, Apple, Cloudflare, Discord, GoDaddy, Meta, Microsoft, Signal, Snap, Slack, and X.
Traditional encryption relies on math problems that would take classical computers centuries to solve. RSA encryption, which protects much of today’s internet traffic, works because factoring massive numbers is impossibly hard for regular computers. But tomorrow’s computers will make quick work of it. According to the MIT Technology Review, researchers have shown that a quantum computer with 20 million noisy qubits could crack RSA-2048 in just 8 hours.
The question: is encryption alone sufficient to protect data?
As per researchers, encryption alone is no longer sufficient to protect privacy in LLM interactions, as metadata patterns can be exploited to infer sensitive subjects and corporate intent. Researchers at Microsoft have revealed a new side channel attack named Whisper Leak that can reveal the topic of encrypted conversations between users and language models, even without access to the underlying text.
The discovery highlights a growing blind spot in AI security where encryption alone no longer guarantees privacy in model interactions.
What we must know about Whisper Leak, the side channel attack
Whisper Leak exploits a side channel in network communication rather than a flaw in encryption itself. LLM services generate responses step by step, producing one token at a time instead of the entire response at once. Also, communications with AI-powered chatbots are often encrypted with HTTP over TLS (HTTPS), ensuring the authenticity of the server and security through encryption.
A side channel attack breaks cryptography by using information leaked by cryptography, such as monitoring the electromagnetic field (EMF) radiation emitted by a computer screen to view information before it’s encrypted in a van Eck phreaking attack, aka Transient Electromagnetic Pulse Emanation STandard (TEMPEST).
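To make the token-by-token streaming point concrete, the following added example (not Microsoft’s research code or part of the original post) models the record sizes a network observer sees when a reply is streamed one token per encrypted record, and how padding and batching change that picture. The per-record overhead, bucket sizes, tokenization and sample replies are assumptions chosen for illustration, and timing between records is not modelled.

```python
import math
from collections import Counter

# Assumption: TLS 1.3 AEAD framing per record (5-byte header, 1-byte content
# type, 16-byte tag). HTTP/SSE framing is ignored to keep the model small.
RECORD_OVERHEAD = 22

# Constructed replies, already split into tokens by a hypothetical tokenizer.
REPLY_A = ["The", " diagnosis", " suggests", " a", " chronic", " condition", "."]
REPLY_B = ["Your", " flight", " departs", " at", " noon", "."]


def wire_sizes(tokens, batch=1, bucket=1):
    """Sizes of the encrypted records an on-path observer would see.

    batch  -- tokens sent per record (1 = classic token-by-token streaming)
    bucket -- plaintext is padded up to a multiple of this many bytes
    """
    sizes = []
    for i in range(0, len(tokens), batch):
        payload = "".join(tokens[i:i + batch]).encode("utf-8")
        padded = -(-len(payload) // bucket) * bucket  # ceiling to bucket
        sizes.append(padded + RECORD_OVERHEAD)
    return sizes


def size_entropy_bits(sizes):
    """Shannon entropy of the size distribution: 0 means every record looks alike."""
    total = len(sizes)
    counts = Counter(sizes)
    return max(0.0, -sum(c / total * math.log2(c / total) for c in counts.values()))


if __name__ == "__main__":
    for name, kwargs in [
        ("streamed, no padding", {}),
        ("padded to 16 bytes", {"bucket": 16}),
        ("4 tokens per record, padded to 64", {"batch": 4, "bucket": 64}),
    ]:
        a, b = wire_sizes(REPLY_A, **kwargs), wire_sizes(REPLY_B, **kwargs)
        print(f"{name}: A={a} B={b} entropy(A)={size_entropy_bits(a):.2f} bits")
```

Unpadded streaming exposes each token’s length; padding alone hides lengths but still reveals the token count, which is why the last configuration also batches.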
Encryption the last line in defense & Helps Orgs Embrace GDPR
If sensitive information is no longer required, the best way to protect it is to delete it. However, when files are deleted from a hard drive they leave traces that can be reconstructed by thieves and hackers. By encrypting the files before deletion, the remnants that remain on the drive will remain encrypted and remain inaccessible should they be reconstructed. In this way, encryption protects your privacy, even when the files are gone.
Companies should, therefore, ensure that all devices leaving the workplace are encrypted. Most phones have a native encryption option that can be easily activated, while laptops can have either their hard drives or sensitive data encrypted depending on the tools an organization wants to use.
Nowadays data protection is no longer an option. Companies can’t ignore the problem and hope they won’t be targeted by malicious threat actors.
GDPR itself recommends encryption as an effective tool for data protection as do data protection standards such as the CIS Controls which advocate a data security strategy based on a combination of encryption, integrity protection and data loss prevention techniques.
In the end, encryption ensures that, whether these devices are lost, stolen or forgotten, the data on them is useless to anyone who tries to access it without a decryption key.
Atlas’s autofill and form interaction capabilities present potential attack points
As per reports, the ChatGPT Atlas browser is vulnerable to attacks and carries inherent weaknesses in comparison to other browsers like Google Chrome. LayerX, which discovered the weakness in ChatGPT Atlas, described how threat actors have the ability to inject malicious instructions into ChatGPT’s ‘memory’ and execute remote code; this works by way of cross-site request forgery requests.
These exploits can allow attackers to infect systems with malicious code, grant themselves access privileges or deploy malware. Understanding “Agent Mode” is most important: it is the core of Atlas and is not found in traditional browsers. Unlike in a traditional browser, where users manually move from site to site, agent mode allows ChatGPT to semi-autonomously operate your browser.
For example, when a user wants to use ChatGPT for work-related purposes, the malicious code planted earlier in the tainted memory will be invoked automatically to execute remote code, allowing attackers to gain control of the user account. This may include their browser, code they are writing or systems they have access to.
Rate of Vulnerability is 90%: A Warning for Users
The rate of vulnerability is 90% higher than in other browsers, since an attacker can, whenever they wish, push or inject malicious instructions into ChatGPT Atlas’s ‘memory’ and later execute them as remote code.
There is a more basic warning as well. Atlas does not include meaningful anti-phishing protections, meaning that users of this browser are “up to 90% more vulnerable to phishing attacks than users of traditional browsers,” LayerX says.
Key pointers from research
ChatGPT’s Atlas is not resilient to Phishing attacks
Out of 103 in-the-wild attacks that LayerX tested, Atlas allowed 97 to go through, a whopping 94.2% failure rate
Compared to Edge (which stopped 53% of attacks in LayerX’s test) and Chrome (which stopped 47% of attacks), ChatGPT Atlas was able to successfully stop only 5.8% of malicious web pages
Unlike traditional web browsers where you manually navigate the internet, agent mode allows ChatGPT to operate your browser semi-autonomously.
The technology works by giving ChatGPT access to your browsing context. It can see every open tab, interact with forms, click buttons and navigate between pages just as you would.
Importance of Security by Design for web browsing & How AI is intricately involved
The sandboxing approach, which is security by design, keeps websites isolated from attacks and prevents malicious code from accessing data from other tabs; it is crucial to modern web architecture. This is the basis of the modern web, which depends on separation. But if it is not implemented, what can the impact be?
But in Atlas, the AI agent isn’t malicious code – it’s a trusted user with permission to see and act across all sites. In this browser, isolation is not required. Here the AI is not directly connected to the threat; what happens is that the AI follows a hostile command hidden in the environment. This opens the door to security and privacy risks many users are ill-equipped to handle.
Let me give an example: if you search for air tickets and visit a site, ChatGPT Atlas will prompt you and try to book a ticket; or if you search for movies in a nearby theater, it will explore options and try to book a reservation. Atlas’s autofill and form interaction capabilities present potential attack points, especially when AI is making rapid decisions about information entry and submission.
This is possible when access is granted to ChatGPT for any browsing requirement or context that allows it to view and open tabs, interact with forms and navigate between pages like humans do.
Is User’s security getting compromised
The above example warns users that any AI-powered browser may be convenient but is not without security risks, and those who use ChatGPT Atlas should exercise extreme caution before choices are made. Do not share browsing history with any AI mode; instead adopt incognito mode. Any malicious code can influence the AI’s behavior while browsing, and this can happen across multiple tabs.
In the case of Atlas, the situation is more vulnerable, as Atlas provides inputs as a human would while the AI, in disguise, executes harmful commands within the environment.
Will the AI agent or OpenAI make browsing safe for users, and what does it mean to have safe browsing?
WhatsApp provides end-to-end encryption by default, ensuring that only you and your intended recipient can read messages. However, encryption alone does not guarantee complete privacy. Misconfigured or disabled privacy settings may still expose user information, media or allow unauthorized access.
This advisory highlights the most important privacy features that should be enabled, along with a checklist for additional protections.
Critical Privacy Features to Enable
Advanced Chat Privacy
This feature strengthens the security of your conversations by limiting how chats and media can be shared outside WhatsApp.
Benefits:
Prevents chat exports that could expose sensitive data.
Restricts unauthorized forwarding or third-party use of your conversations.
Protects against data mining and AI-driven scanning, ensuring personal and business chats remain confidential.
Gives you greater control over how your messages are handled beyond WhatsApp.
Enabling this feature is highly recommended, especially for users discussing sensitive financial, personal, or corporate information.
End-to-End Encrypted Backups
While chats are encrypted in transit, backups stored on Google Drive or iCloud are not encrypted by default. Activating encrypted backups ensures:
Only you can access backup data, using your chosen password or encryption key.
Neither WhatsApp, Google, nor Apple can read your chat history.
Added protection if your cloud account is compromised.
Disappearing Messages
This feature allows messages to auto-delete after 24 hours, 7 days, or 90 days.
Benefits:
Reduces digital footprint and limits data exposure over time.
Ensures sensitive conversations do not remain accessible indefinitely.
Useful for both personal privacy and business confidentiality.
Quick Setup Checklist
Step: Action
1. Enable Advanced Chat Privacy in all important chats
2. Turn on End-to-End Encrypted Backup
3. Run Privacy Checkup: review visibility and group settings
4. Activate Disappearing Messages where appropriate
5. Enable App/Chat Locks (biometric/PIN)
6. Set up Two-Factor Authentication
7. Disable Media Auto-Saving
8. Check Linked Devices and log out extras
9. Restrict visibility of Last Seen, Profile Photo, About, and disable Read Receipts if desired
Recommendations
Enable Advanced Chat Privacy immediately to prevent misuse of conversations.
Activate encrypted backups for long-term data security.
Use disappearing messages for sensitive discussions.
Regularly review privacy settings and update WhatsApp to the latest version.
Conclusion: Strengthening WhatsApp privacy settings is critical for protecting both personal and professional communication. Enabling key features like Advanced Chat Privacy, Encrypted Backups, and Disappearing Messages provides stronger control over data security and reduces risks of unauthorized access or misuse.