Coordinated vulnerability disclosure for Claude-discovered vulnerabilities (original) (raw)

Purpose Statement: Anthropic is building AI tools that find software vulnerabilities faster and cheaper and we are working towards a clear framework for handling identified vulnerabilities, taking into account both existing industry best practices while anticipating unique challenges posed by the pace and scale these AI tools enable.

Scope: These operating principles apply to vulnerabilities Anthropic discovers in open-source software and in closed-source software where Anthropic has obtained appropriate authorization to conduct security research. It does not generally cover reports to Anthropic by external researchers, which are governed by Anthropic’s Responsible Disclosure Policy.

General: Anthropic aims to follow the industry standard 90-day disclosure deadline, provide human-reviewed reports with suggested fixes where we can, and pace our submissions to what maintainers can actually absorb.

Target Vulnerability Disclosure Timelines: We aim to notify vendors and maintainers of vulnerabilities as soon as possible; unless we determine a compelling security-related reason otherwise, we aim to share details publicly with defenders after 90 days, or after a patch is released, whichever comes first. We may deviate from this default timeline for various reasons, including the following:

• If a vendor or maintainer is engaged and making progress toward a fix as the 90-day deadline approaches, we may grant a 14-day extension on request.
• For actively exploited critical vulnerabilities, we target a 7-day timeline for a patch or mitigation. If the maintainer is actively working on a fix and requests more time, we may grant a further 7-day extension.
• When a finding reflects an ecosystem-wide pattern affecting many projects at once, we aim to notify affected parties and give every maintainer the information and support they need to respond before the finding becomes public.
• Where we and a maintainer disagree on the severity of a finding, we would generally defer to the maintainer's assessment. However, there may be exceptions, such as when we have credible evidence of active exploitation, in which case, the compressed 7-day target timeline would apply regardless of how the maintainer classifies the bug. Where a maintainer does not respond to our initial report within 30 days, we will aim to escalate the finding to an external vulnerability coordinator and proceed to public disclosure on expiration of the applicable timeline.
• In extenuating circumstances—such as events beyond our reasonable control or findings requiring exceptional remediation complexity—we reserve the right to adjust deadlines and will communicate any adjustment and its rationale as appropriate.

Patch Details: Once a patch is available, we would generally wait 45 days before publishing full technical details. The purpose is to give downstream users time to deploy the fix before detailed exploitation information is public. We may shorten this buffer if the details are already publicly known through other channels, or if earlier publication would materially help defenders identify and mitigate ongoing attacks. We may extend it when patch deployment is unusually complex or the affected footprint is unusually broad.

Vulnerability Disclosure Reporting and Coordination: Every report we send generally reflects a finding that a human security researcher has reviewed and confirmed. Reports originating from AI-powered discovery are clearly labeled as such. Where we have access to source and our tooling produces a potential candidate patch, we include it, labeled by provenance and offer to collaborate with the maintainer on a production-quality fix. We do not submit large volumes of findings to a single project without first reaching out in an effort to agree on a pace the maintainer can sustain. Actively exploited vulnerabilities are exempt from pacing and typically follow the compressed timeline above.