CISO Daily Digest: Anthropic Launches Claude Tag as Always-On Slack AI Coworker (20260624)
Anthropic launches Claude Tag, embedding Claude as an always-on AI agent in Slack channels with task assignment capabilities; Klue supply chain attack expands to 10+ security firms as ShinyHunters claims responsibility; libssh2 critical RCE vulnerability (CVE-2026-55200) disclosed; Cordyceps CI/CD flaws expose 300+ GitHub repos; Cisco Unified CM flaw actively exploited after PoC publication.
Anthropic Launches Claude Tag โ Claude Becomes an Always-On Slack AI Coworker
Anthropic today launched Claude Tag, a new integration that embeds Claude directly into Slack channels as an always-present AI teammate. Unlike conventional chatbots that require explicit invocation, Claude Tag sits persistently in designated channels, monitoring conversations, answering questions, and accepting @-mentioned tasks. Anthropic reports that in early deployments, Claude already writes 65% of internal communications in some organizations.
The launch represents a strategic pivot for Anthropic: positioning Claude not as a tool to be queried, but as a persistent team member with an independent identity. Claude Tag can be assigned tasks, follow thread discussions, and generate responses autonomously across channels. It is available in research preview for Team and Enterprise Slack plans.
Security implications are significant. Placing an always-on AI agent inside enterprise communication channels โ where sensitive financial data, HR discussions, product roadmaps, and security incidents are discussed โ introduces new vectors for data exposure. Claudeโs independent identity model means it can access, process, and potentially retain information across channels. Organizations deploying Claude Tag must carefully review data retention policies, access controls, and the scope of channels the agent monitors.
Anthropic has simultaneously updated its privacy policy to allow Claude to request government ID and face scans for identity verification, raising additional privacy considerations for enterprise deployments.
๐ Reference: Coverage from (Reuters, The New Stack, Help Net Security)
Why This Reshapes Enterprise AI Governance
Claude Tag represents the first major deployment of a persistent, agentic AI coworker inside a mainstream enterprise collaboration platform. Unlike previous AI assistants that respond when summoned, Claude Tagโs always-listening model fundamentally changes the risk profile. Data lineage becomes ambiguous โ which channel conversations did Claude process? What context was retained? How are cross-channel inferences made?
The integration also signals that Slack is becoming a primary AI agent interface, a development that security teams must prepare for. Organizations should audit which channels Claude Tag has access to, establish data retention policies for AI-processed conversations, and ensure that sensitive channels (legal, HR, M&A) are excluded from AI monitoring.
๐ Reference: Coverage from (Reuters, The New Stack, Help Net Security, iThome)
Active Threats This Week
๐ Klue Supply Chain Attack Expands โ 10+ Security Firms Affected
The Klue Battlecards supply chain attack continues to escalate. Salesforce confirmed that Klueโs integration service was compromised, allowing attackers to exfiltrate customer Salesforce data. The breach now affects 10+ security companies, including Huntress and LastPass, whose customer support and contact data were exposed. ShinyHunters has claimed responsibility, while the Icarus group is also reportedly involved. ReliaQuestโs forensic analysis shows attackers queried victim Salesforce data in 15-minute bursts during the compromise.
๐ Reference: DarkReading | iThome | iThome | iThome
๐ libssh2 Critical RCE (CVE-2026-55200) โ Crafted SSH Packets Enable Code Execution
A critical vulnerability in the libssh2 library, tracked as CVE-2026-55200, allows attackers to execute arbitrary code by sending specially crafted SSH packets. libssh2 is widely embedded in applications, SDKs, and operating systems that implement SSH connections. Organizations using libssh2-linked software should prioritize patching.
๐ Reference: iThome
๐ Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks
Researchers disclosed vulnerabilities in the Cordyceps CI/CD framework that expose over 300 GitHub repositories to supply-chain attacks. The flaws allow attackers to inject malicious code into CI/CD pipelines, potentially compromising downstream consumers of affected projects.
๐ Reference: The Hacker News
๐ Cisco Unified CM Flaw Actively Exploited After PoC Publication
A vulnerability in Cisco Unified Communications Manager (Unified CM) is being actively exploited following the public release of a proof-of-concept that demonstrates a file-write-to-root escalation path. Organizations running Cisco Unified CM should verify patch status immediately.
๐ Reference: The Hacker News
๐ FortiBleed Technical Details Emerge โ Attackers Weaponize FortigateSniffer
New technical analysis reveals that attackers in the FortiBleed incident exploited FortigateSniffer functionality to capture plaintext credentials from FortiGate VPN appliances. Over 70,000 devices had credentials exposed, with researchers now detailing the exact exploitation methodology. The attackers used sniffed credentials for lateral movement into victim networks.
๐ Reference: iThome
๐ ShapedPlugin WordPress Supply Chain Attack โ 400,000+ Downloads at Risk
Attackers compromised multiple ShapedPlugin WordPress plugins, injecting backdoors into paid/pro versions distributed through official channels. Over 400,000 download users are potentially affected. The compromised plugins (CVE-2026-10735) grant attackers administrative access to WordPress sites.
๐ Reference: iThome
๐ FFmpeg PixelSmash RCE (CVE-2026-xxxxx) โ Arbitrary Code via Crafted Media Files
A remote code execution vulnerability named PixelSmash was disclosed in FFmpeg, the widely used multimedia processing library. Attackers can trigger code execution by feeding crafted media files through FFmpegโs processing pipeline. FFmpeg is embedded in countless applications, media servers, and content processing workflows.
๐ Reference: Xakep
How Can OPSWAT Help
The Klue supply chain attack and ShapedPlugin WordPress compromise underscore the critical need for file-level threat prevention. Both incidents involved the delivery of malicious packages and code through trusted software supply chains โ exactly where OPSWATโs MetaDefender multi-scanning (30+ AV engines) and Deep Content Disarm and Reconstruction (CDR) provide defense.
For organizations deploying Claude Tag or any AI agent in Slack, OPSWATโs file security solutions can inspect files transmitted through AI channels before they reach endpoints, preventing malware delivery via AI-mediated workflows. The libssh2 and FFmpeg vulnerabilities further highlight the importance of software composition analysis to identify embedded third-party library risks across the application portfolio.