{"id":2094,"date":"2026-02-21T19:00:02","date_gmt":"2026-02-21T19:00:02","guid":{"rendered":"https:\/\/ucstrategies.com\/news\/?p=2094"},"modified":"2026-03-31T08:17:24","modified_gmt":"2026-03-31T08:17:24","slug":"anthropic-shipped-claude-cowork-with-a-known-security-flaw-then-gave-it-to-millions-anyway","status":"publish","type":"post","link":"https:\/\/ucstrategies.com\/news\/anthropic-shipped-claude-cowork-with-a-known-security-flaw-then-gave-it-to-millions-anyway\/","title":{"rendered":"Anthropic shipped Claude Cowork with a known security flaw \u2014 then gave it to millions anyway"},"content":{"rendered":"<p><strong>Anthropic<\/strong> launched <strong>Claude Cowork<\/strong> on <strong>January 12, 2026<\/strong>, then opened it to all <strong>$20\/month Pro users<\/strong> four days later. That&#8217;s the timeline that turned a controlled experiment into a mass-market security gamble. Knowledge workers adopted Cowork because it <a href=\"https:\/\/ucstrategies.com\/news\/claude-cowork-is-out-and-it-works-like-a-real-ai-colleague-not-a-chatbot\/\">works like a real colleague<\/a>, not a chatbot\u2014analyzing <strong>46 draft files<\/strong> in minutes using <strong>44 targeted web searches<\/strong>, <a title=\"Simon Willison's first impressions of Claude Cowork\" href=\"https:\/\/simonwillison.net\/2026\/Jan\/12\/claude-cowork\/\" target=\"_blank\" rel=\"noopener\">according to Datasette creator Simon Willison<\/a>. The tool delivers exactly what it promises: autonomous file analysis that would take humans hours. But within <strong>48 hours of launch<\/strong>, security researchers confirmed what Anthropic already knew\u2014Cowork is vulnerable to prompt injection attacks that let malicious files hijack your computer.<\/p>\n<p>The flaw isn&#8217;t theoretical.<\/p>\n<h2>Cowork does in minutes what takes humans hours\u2014if you&#8217;re willing to gamble on prompt injection<\/h2>\n<p>Willison&#8217;s benchmark proves the capability: Cowork identified 46 unpublished drafts across his personal site by executing 44 individual web searches autonomously, cross-referencing them against published content to surface gaps. No manual scanning. No forgotten files. Just targeted queries that would&#8217;ve taken a human researcher an afternoon. That&#8217;s why developers are quietly switching\u2014Willison noted Cowork &#8220;doesn&#8217;t have to rebuild my entire development environment every time,&#8221; making it <a title=\"Willison on Cowork's effectiveness\" href=\"https:\/\/simonwillison.net\/2026\/Jan\/12\/claude-cowork\/\" target=\"_blank\" rel=\"noopener\">&#8220;astonishingly effective&#8221;<\/a> for porting open-source projects across programming languages.<\/p>\n<p>But security firm <strong>PromptArmor<\/strong> went public <a title=\"2-day exploit timeline\" href=\"https:\/\/byteiota.com\/claude-cowork-security-flaw-2-day-exploit-timeline\/\" target=\"_blank\" rel=\"noopener\">two days after launch<\/a> with proof that a malicious document can embed hidden instructions that trick Claude into uploading sensitive files to an attacker-controlled server. The irony: <a href=\"https:\/\/ucstrategies.com\/news\/according-to-sam-altman-ai-agents-are-finding-cyber-flaws-faster-than-humans-and-thats-a-big-problem\/\">AI agents finding flaws faster than humans<\/a> can&#8217;t protect against their own prompt injection vulnerabilities. And Anthropic admitted in launch documentation that while they&#8217;ve &#8220;built sophisticated defenses against prompt injections,&#8221; agent safety <a title=\"Anthropic's safety admission\" href=\"https:\/\/simonwillison.net\/2026\/Jan\/12\/claude-cowork\/\" target=\"_blank\" rel=\"noopener\">&#8220;is still an active area of development.&#8221;<\/a><\/p>\n<p>Translation: incomplete.<\/p>\n<h2>Anthropic shipped knowing the flaw existed\u2014and researchers proved it in 48 hours<\/h2>\n<p>Security researcher Johann Rehberger discovered the vulnerability before launch and disclosed it responsibly, <a title=\"Pre-launch disclosure timeline\" href=\"https:\/\/byteiota.com\/claude-cowork-security-flaw-2-day-exploit-timeline\/\" target=\"_blank\" rel=\"noopener\">according to ByteIota<\/a>. Anthropic launched anyway. The attack vector is straightforward: Claude processes a document containing malicious instructions, interprets them as legitimate user commands, and executes file operations\u2014uploads, deletions, exfiltration\u2014without user awareness. <a title=\"Technical breakdown of exfiltration attack\" href=\"https:\/\/www.cosmicjs.com\/blog\/cosmic-rundown-wikipedia-25-claude-cowork-security-local-rag\" target=\"_blank\" rel=\"noopener\">Cosmic AI&#8217;s technical breakdown<\/a> shows how easily a PDF or Word doc can include hidden prompts that override user intent.<\/p>\n<p>The real problem isn&#8217;t that the vulnerability exists\u2014it&#8217;s that Anthropic prioritized market expansion over fixing it. Expanding access to Pro users just four days after launch meant millions of knowledge workers could grant Cowork unrestricted folder access before IT departments even knew the tool existed. No sandboxing. No enterprise governance infrastructure. Just raw autonomy traded for raw risk.<\/p>\n<p>This is a security model built on trust no IT department can justify.<\/p>\n<h2>The automation wave has no brakes\u2014and investors know it<\/h2>\n<p>The broader market reaction reveals what&#8217;s really happening. While hard data on Pro user adoption remains unavailable, the anxiety around <a href=\"https:\/\/ucstrategies.com\/news\/metas-500m-ai-bet-why-this-autonomous-agent-is-making-governments-nervous\/\">autonomous agents making governments nervous<\/a> is pricing into financial markets faster than regulators can respond. Cowork&#8217;s power is undeniable\u2014Willison called it his &#8220;favorite way to use Claude&#8221; for project-level workflows that GitHub Copilot can&#8217;t match. But the honest trade-off is this: you&#8217;re beta testing security on your own files every time you grant folder access.<\/p>\n<p>Anthropic can&#8217;t provide guarantees because the underlying problem\u2014prompt injection\u2014has no complete solution yet. They can filter potential attacks, but as Willison noted, &#8220;the one thing they can&#8217;t provide is guarantees.&#8221; That&#8217;s not a bug report. That&#8217;s the current state of agentic AI security.<\/p>\n<p>So here&#8217;s the tension Anthropic won&#8217;t resolve: Cowork is astonishingly effective at autonomous file work, but the same researchers praising its capability are warning that malicious documents &#8220;want computers.&#8221; Both things are true. And you have to decide which one matters more when you click &#8220;Allow folder access.&#8221;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Anthropic launched Claude Cowork on January 12, 2026, then opened it to all $20\/month Pro users four days later. That&#8217;s the timeline that turned a controlled experiment into a mass-market security gamble. Knowledge workers adopted Cowork because it works like a real colleague, not a chatbot\u2014analyzing 46 draft files in minutes using 44 targeted web [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":2093,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17],"tags":[8],"class_list":{"0":"post-2094","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-anthropic","8":"tag-ai"},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.2 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Anthropic shipped Claude Cowork with a known security flaw \u2014 then gave it to millions anyway<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/ucstrategies.com\/news\/anthropic-shipped-claude-cowork-with-a-known-security-flaw-then-gave-it-to-millions-anyway\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Anthropic shipped Claude Cowork with a known security flaw \u2014 then gave it to millions anyway\" \/>\n<meta property=\"og:description\" content=\"Anthropic launched Claude Cowork on January 12, 2026, then opened it to all $20\/month Pro users four days later. That&#8217;s the timeline that turned a controlled experiment into a mass-market security gamble. Knowledge workers adopted Cowork because it works like a real colleague, not a chatbot\u2014analyzing 46 draft files in minutes using 44 targeted web [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/ucstrategies.com\/news\/anthropic-shipped-claude-cowork-with-a-known-security-flaw-then-gave-it-to-millions-anyway\/\" \/>\n<meta property=\"og:site_name\" content=\"Ucstrategies News\" \/>\n<meta property=\"article:published_time\" content=\"2026-02-21T19:00:02+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-03-31T08:17:24+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/ucstrategies.com\/news\/wp-content\/uploads\/2026\/02\/2026-02-21-09-42-09_.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1440\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Sarah Chen\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Sarah Chen\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"NewsArticle\",\"@id\":\"https:\/\/ucstrategies.com\/news\/anthropic-shipped-claude-cowork-with-a-known-security-flaw-then-gave-it-to-millions-anyway\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/ucstrategies.com\/news\/anthropic-shipped-claude-cowork-with-a-known-security-flaw-then-gave-it-to-millions-anyway\/\"},\"author\":{\"name\":\"Sarah Chen\",\"@id\":\"https:\/\/ucstrategies.com\/news\/#\/schema\/person\/a2812a6fcebcb72154de172a0185ff45\"},\"headline\":\"Anthropic shipped Claude Cowork with a known security flaw \u2014 then gave it to millions anyway\",\"datePublished\":\"2026-02-21T19:00:02+00:00\",\"dateModified\":\"2026-03-31T08:17:24+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/ucstrategies.com\/news\/anthropic-shipped-claude-cowork-with-a-known-security-flaw-then-gave-it-to-millions-anyway\/\"},\"wordCount\":598,\"commentCount\":0,\"image\":{\"@id\":\"https:\/\/ucstrategies.com\/news\/anthropic-shipped-claude-cowork-with-a-known-security-flaw-then-gave-it-to-millions-anyway\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/ucstrategies.com\/news\/wp-content\/uploads\/2026\/02\/2026-02-21-09-42-09_.jpg\",\"keywords\":[\"AI\"],\"articleSection\":\"Anthropic\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/ucstrategies.com\/news\/anthropic-shipped-claude-cowork-with-a-known-security-flaw-then-gave-it-to-millions-anyway\/#respond\"]}],\"publisher\":{\"@id\":\"https:\/\/ucstrategies.com\/news\/#organization\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/ucstrategies.com\/news\/anthropic-shipped-claude-cowork-with-a-known-security-flaw-then-gave-it-to-millions-anyway\/\",\"url\":\"https:\/\/ucstrategies.com\/news\/anthropic-shipped-claude-cowork-with-a-known-security-flaw-then-gave-it-to-millions-anyway\/\",\"name\":\"Anthropic shipped Claude Cowork with a known security flaw \u2014 then gave it to millions anyway\",\"isPartOf\":{\"@id\":\"https:\/\/ucstrategies.com\/news\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/ucstrategies.com\/news\/anthropic-shipped-claude-cowork-with-a-known-security-flaw-then-gave-it-to-millions-anyway\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/ucstrategies.com\/news\/anthropic-shipped-claude-cowork-with-a-known-security-flaw-then-gave-it-to-millions-anyway\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/ucstrategies.com\/news\/wp-content\/uploads\/2026\/02\/2026-02-21-09-42-09_.jpg\",\"datePublished\":\"2026-02-21T19:00:02+00:00\",\"dateModified\":\"2026-03-31T08:17:24+00:00\",\"author\":{\"@id\":\"https:\/\/ucstrategies.com\/news\/#\/schema\/person\/a2812a6fcebcb72154de172a0185ff45\"},\"breadcrumb\":{\"@id\":\"https:\/\/ucstrategies.com\/news\/anthropic-shipped-claude-cowork-with-a-known-security-flaw-then-gave-it-to-millions-anyway\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/ucstrategies.com\/news\/anthropic-shipped-claude-cowork-with-a-known-security-flaw-then-gave-it-to-millions-anyway\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/ucstrategies.com\/news\/anthropic-shipped-claude-cowork-with-a-known-security-flaw-then-gave-it-to-millions-anyway\/#primaryimage\",\"url\":\"https:\/\/ucstrategies.com\/news\/wp-content\/uploads\/2026\/02\/2026-02-21-09-42-09_.jpg\",\"contentUrl\":\"https:\/\/ucstrategies.com\/news\/wp-content\/uploads\/2026\/02\/2026-02-21-09-42-09_.jpg\",\"width\":2560,\"height\":1440,\"caption\":\"Illustration for: Anthropic shipped Claude Cowork with a known security flaw \u2014 then gave it to millions anyway\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/ucstrategies.com\/news\/anthropic-shipped-claude-cowork-with-a-known-security-flaw-then-gave-it-to-millions-anyway\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/ucstrategies.com\/news\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Anthropic shipped Claude Cowork with a known security flaw \u2014 then gave it to millions anyway\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/ucstrategies.com\/news\/#website\",\"url\":\"https:\/\/ucstrategies.com\/news\/\",\"name\":\"Ucstrategies News\",\"description\":\"Insights and tools for productive work\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/ucstrategies.com\/news\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\",\"publisher\":{\"@id\":\"https:\/\/ucstrategies.com\/news\/#organization\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/ucstrategies.com\/news\/#\/schema\/person\/a2812a6fcebcb72154de172a0185ff45\",\"name\":\"Sarah Chen\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/ucstrategies.com\/news\/#\/schema\/person\/sarah-chen\/image\",\"url\":\"https:\/\/ucstrategies.com\/news\/wp-content\/uploads\/2026\/03\/cropped-sarah-id-photo.webp\",\"contentUrl\":\"https:\/\/ucstrategies.com\/news\/wp-content\/uploads\/2026\/03\/cropped-sarah-id-photo.webp\",\"caption\":\"Sarah Chen - Enterprise Tech & Cloud Reporter at UCStrategies\"},\"description\":\"I cover enterprise technology, cloud infrastructure, and cybersecurity for UCStrategies. My focus is on how organizations adopt and integrate SaaS platforms, manage cloud migrations, and navigate the evolving threat landscape. Before joining UCStrategies, I spent six years reporting on enterprise IT transformations across Fortune 500 companies. I track the gap between what vendors promise and what actually ships \u2014 and what that means for the teams deploying it. Expertise: Enterprise Software, Cloud Computing, SaaS Platforms, Cybersecurity, IT Infrastructure, Digital Transformation.\",\"url\":\"https:\/\/ucstrategies.com\/news\/author\/sarah-chen\/\",\"jobTitle\":\"Enterprise Tech & Cloud Reporter\",\"worksFor\":{\"@type\":\"Organization\",\"@id\":\"https:\/\/ucstrategies.com\/news\/#organization\",\"name\":\"UCStrategies\"},\"knowsAbout\":[\"Enterprise Software\",\"Cloud Computing\",\"SaaS Platforms\",\"Cybersecurity\",\"IT Infrastructure\",\"Digital Transformation\",\"Cloud Migration\",\"Zero Trust Security\"],\"sameAs\":[\"https:\/\/ucstrategies.com\/news\/author\/sarah-chen\/\"]},{\"@type\":[\"Organization\",\"NewsMediaOrganization\"],\"@id\":\"https:\/\/ucstrategies.com\/news\/#organization\",\"name\":\"UCStrategies\",\"legalName\":\"UC Strategies\",\"url\":\"https:\/\/ucstrategies.com\/news\/\",\"logo\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/ucstrategies.com\/news\/#logo\",\"url\":\"https:\/\/ucstrategies.com\/news\/wp-content\/uploads\/2026\/01\/cropped-Nouveau-projet-11.jpg\",\"width\":500,\"height\":500,\"caption\":\"UCStrategies Logo\"},\"description\":\"Expert news, reviews and analysis on AI tools, unified communications, and workplace technology.\",\"foundingDate\":\"2020\",\"ethicsPolicy\":\"https:\/\/ucstrategies.com\/news\/editorial-policy\/\",\"correctionsPolicy\":\"https:\/\/ucstrategies.com\/news\/editorial-policy\/#corrections-policy\",\"masthead\":\"https:\/\/ucstrategies.com\/news\/about-us\/\",\"actionableFeedbackPolicy\":\"https:\/\/ucstrategies.com\/news\/editorial-policy\/\",\"publishingPrinciples\":\"https:\/\/ucstrategies.com\/news\/editorial-policy\/\",\"ownershipFundingInfo\":\"https:\/\/ucstrategies.com\/news\/about-us\/\",\"noBylinesPolicy\":\"https:\/\/ucstrategies.com\/news\/editorial-policy\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Anthropic shipped Claude Cowork with a known security flaw \u2014 then gave it to millions anyway","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/ucstrategies.com\/news\/anthropic-shipped-claude-cowork-with-a-known-security-flaw-then-gave-it-to-millions-anyway\/","og_locale":"en_US","og_type":"article","og_title":"Anthropic shipped Claude Cowork with a known security flaw \u2014 then gave it to millions anyway","og_description":"Anthropic launched Claude Cowork on January 12, 2026, then opened it to all $20\/month Pro users four days later. That&#8217;s the timeline that turned a controlled experiment into a mass-market security gamble. Knowledge workers adopted Cowork because it works like a real colleague, not a chatbot\u2014analyzing 46 draft files in minutes using 44 targeted web [&hellip;]","og_url":"https:\/\/ucstrategies.com\/news\/anthropic-shipped-claude-cowork-with-a-known-security-flaw-then-gave-it-to-millions-anyway\/","og_site_name":"Ucstrategies News","article_published_time":"2026-02-21T19:00:02+00:00","article_modified_time":"2026-03-31T08:17:24+00:00","og_image":[{"width":2560,"height":1440,"url":"https:\/\/ucstrategies.com\/news\/wp-content\/uploads\/2026\/02\/2026-02-21-09-42-09_.jpg","type":"image\/jpeg"}],"author":"Sarah Chen","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Sarah Chen","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/ucstrategies.com\/news\/anthropic-shipped-claude-cowork-with-a-known-security-flaw-then-gave-it-to-millions-anyway\/#article","isPartOf":{"@id":"https:\/\/ucstrategies.com\/news\/anthropic-shipped-claude-cowork-with-a-known-security-flaw-then-gave-it-to-millions-anyway\/"},"author":{"name":"Sarah Chen","@id":"https:\/\/ucstrategies.com\/news\/#\/schema\/person\/a2812a6fcebcb72154de172a0185ff45"},"headline":"Anthropic shipped Claude Cowork with a known security flaw \u2014 then gave it to millions anyway","datePublished":"2026-02-21T19:00:02+00:00","dateModified":"2026-03-31T08:17:24+00:00","mainEntityOfPage":{"@id":"https:\/\/ucstrategies.com\/news\/anthropic-shipped-claude-cowork-with-a-known-security-flaw-then-gave-it-to-millions-anyway\/"},"wordCount":598,"commentCount":0,"image":{"@id":"https:\/\/ucstrategies.com\/news\/anthropic-shipped-claude-cowork-with-a-known-security-flaw-then-gave-it-to-millions-anyway\/#primaryimage"},"thumbnailUrl":"https:\/\/ucstrategies.com\/news\/wp-content\/uploads\/2026\/02\/2026-02-21-09-42-09_.jpg","keywords":["AI"],"articleSection":"Anthropic","inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/ucstrategies.com\/news\/anthropic-shipped-claude-cowork-with-a-known-security-flaw-then-gave-it-to-millions-anyway\/#respond"]}],"publisher":{"@id":"https:\/\/ucstrategies.com\/news\/#organization"}},{"@type":"WebPage","@id":"https:\/\/ucstrategies.com\/news\/anthropic-shipped-claude-cowork-with-a-known-security-flaw-then-gave-it-to-millions-anyway\/","url":"https:\/\/ucstrategies.com\/news\/anthropic-shipped-claude-cowork-with-a-known-security-flaw-then-gave-it-to-millions-anyway\/","name":"Anthropic shipped Claude Cowork with a known security flaw \u2014 then gave it to millions anyway","isPartOf":{"@id":"https:\/\/ucstrategies.com\/news\/#website"},"primaryImageOfPage":{"@id":"https:\/\/ucstrategies.com\/news\/anthropic-shipped-claude-cowork-with-a-known-security-flaw-then-gave-it-to-millions-anyway\/#primaryimage"},"image":{"@id":"https:\/\/ucstrategies.com\/news\/anthropic-shipped-claude-cowork-with-a-known-security-flaw-then-gave-it-to-millions-anyway\/#primaryimage"},"thumbnailUrl":"https:\/\/ucstrategies.com\/news\/wp-content\/uploads\/2026\/02\/2026-02-21-09-42-09_.jpg","datePublished":"2026-02-21T19:00:02+00:00","dateModified":"2026-03-31T08:17:24+00:00","author":{"@id":"https:\/\/ucstrategies.com\/news\/#\/schema\/person\/a2812a6fcebcb72154de172a0185ff45"},"breadcrumb":{"@id":"https:\/\/ucstrategies.com\/news\/anthropic-shipped-claude-cowork-with-a-known-security-flaw-then-gave-it-to-millions-anyway\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/ucstrategies.com\/news\/anthropic-shipped-claude-cowork-with-a-known-security-flaw-then-gave-it-to-millions-anyway\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/ucstrategies.com\/news\/anthropic-shipped-claude-cowork-with-a-known-security-flaw-then-gave-it-to-millions-anyway\/#primaryimage","url":"https:\/\/ucstrategies.com\/news\/wp-content\/uploads\/2026\/02\/2026-02-21-09-42-09_.jpg","contentUrl":"https:\/\/ucstrategies.com\/news\/wp-content\/uploads\/2026\/02\/2026-02-21-09-42-09_.jpg","width":2560,"height":1440,"caption":"Illustration for: Anthropic shipped Claude Cowork with a known security flaw \u2014 then gave it to millions anyway"},{"@type":"BreadcrumbList","@id":"https:\/\/ucstrategies.com\/news\/anthropic-shipped-claude-cowork-with-a-known-security-flaw-then-gave-it-to-millions-anyway\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/ucstrategies.com\/news\/"},{"@type":"ListItem","position":2,"name":"Anthropic shipped Claude Cowork with a known security flaw \u2014 then gave it to millions anyway"}]},{"@type":"WebSite","@id":"https:\/\/ucstrategies.com\/news\/#website","url":"https:\/\/ucstrategies.com\/news\/","name":"Ucstrategies News","description":"Insights and tools for productive work","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/ucstrategies.com\/news\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US","publisher":{"@id":"https:\/\/ucstrategies.com\/news\/#organization"}},{"@type":"Person","@id":"https:\/\/ucstrategies.com\/news\/#\/schema\/person\/a2812a6fcebcb72154de172a0185ff45","name":"Sarah Chen","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/ucstrategies.com\/news\/#\/schema\/person\/sarah-chen\/image","url":"https:\/\/ucstrategies.com\/news\/wp-content\/uploads\/2026\/03\/cropped-sarah-id-photo.webp","contentUrl":"https:\/\/ucstrategies.com\/news\/wp-content\/uploads\/2026\/03\/cropped-sarah-id-photo.webp","caption":"Sarah Chen - Enterprise Tech & Cloud Reporter at UCStrategies"},"description":"I cover enterprise technology, cloud infrastructure, and cybersecurity for UCStrategies. My focus is on how organizations adopt and integrate SaaS platforms, manage cloud migrations, and navigate the evolving threat landscape. Before joining UCStrategies, I spent six years reporting on enterprise IT transformations across Fortune 500 companies. I track the gap between what vendors promise and what actually ships \u2014 and what that means for the teams deploying it. Expertise: Enterprise Software, Cloud Computing, SaaS Platforms, Cybersecurity, IT Infrastructure, Digital Transformation.","url":"https:\/\/ucstrategies.com\/news\/author\/sarah-chen\/","jobTitle":"Enterprise Tech & Cloud Reporter","worksFor":{"@type":"Organization","@id":"https:\/\/ucstrategies.com\/news\/#organization","name":"UCStrategies"},"knowsAbout":["Enterprise Software","Cloud Computing","SaaS Platforms","Cybersecurity","IT Infrastructure","Digital Transformation","Cloud Migration","Zero Trust Security"],"sameAs":["https:\/\/ucstrategies.com\/news\/author\/sarah-chen\/"]},{"@type":["Organization","NewsMediaOrganization"],"@id":"https:\/\/ucstrategies.com\/news\/#organization","name":"UCStrategies","legalName":"UC Strategies","url":"https:\/\/ucstrategies.com\/news\/","logo":{"@type":"ImageObject","@id":"https:\/\/ucstrategies.com\/news\/#logo","url":"https:\/\/ucstrategies.com\/news\/wp-content\/uploads\/2026\/01\/cropped-Nouveau-projet-11.jpg","width":500,"height":500,"caption":"UCStrategies Logo"},"description":"Expert news, reviews and analysis on AI tools, unified communications, and workplace technology.","foundingDate":"2020","ethicsPolicy":"https:\/\/ucstrategies.com\/news\/editorial-policy\/","correctionsPolicy":"https:\/\/ucstrategies.com\/news\/editorial-policy\/#corrections-policy","masthead":"https:\/\/ucstrategies.com\/news\/about-us\/","actionableFeedbackPolicy":"https:\/\/ucstrategies.com\/news\/editorial-policy\/","publishingPrinciples":"https:\/\/ucstrategies.com\/news\/editorial-policy\/","ownershipFundingInfo":"https:\/\/ucstrategies.com\/news\/about-us\/","noBylinesPolicy":"https:\/\/ucstrategies.com\/news\/editorial-policy\/"}]}},"_links":{"self":[{"href":"https:\/\/ucstrategies.com\/news\/wp-json\/wp\/v2\/posts\/2094","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ucstrategies.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ucstrategies.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ucstrategies.com\/news\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ucstrategies.com\/news\/wp-json\/wp\/v2\/comments?post=2094"}],"version-history":[{"count":1,"href":"https:\/\/ucstrategies.com\/news\/wp-json\/wp\/v2\/posts\/2094\/revisions"}],"predecessor-version":[{"id":2107,"href":"https:\/\/ucstrategies.com\/news\/wp-json\/wp\/v2\/posts\/2094\/revisions\/2107"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ucstrategies.com\/news\/wp-json\/wp\/v2\/media\/2093"}],"wp:attachment":[{"href":"https:\/\/ucstrategies.com\/news\/wp-json\/wp\/v2\/media?parent=2094"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ucstrategies.com\/news\/wp-json\/wp\/v2\/categories?post=2094"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ucstrategies.com\/news\/wp-json\/wp\/v2\/tags?post=2094"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}