Backslash Research Reveals Over 30 Unpatched Vulnerabilities in Anthropic’s Claude Code, Raising Concerns About AI Update Cadence
Backslash Security found that Anthropic silently patched over 30 security flaws in Claude Code within two months, exposing a security gap caused by the rapid release cycle of AI coding tools.
Security researchers at Backslash Security have uncovered that Anthropic quietly patched more than 30 security vulnerabilities in its flagship AI coding assistant, Claude Code, between April and early June 2026. The findings, detailed in a report shared with CyberScoop, highlight a growing challenge for organizations adopting AI development tools: the breakneck pace of model updates can create silent security gaps when developers delay adopting the latest versions.
Among the most critical fixes were patches for data poisoning, prompt injection, and arbitrary code execution vulnerabilities. One particularly alarming flaw allowed an attacker to bypass core safeguards by inserting a single backslash into a command, potentially enabling the deletion of an entire codebase. Another vulnerability leaked user OAuth credentials, while a third permitted an AI agent to plant a backdoor in shell startup files. Anthropic did not publicly disclose these vulnerabilities; Backslash identified them by meticulously reviewing the changelogs of every Claude Code release over the past two months.
“The way AI agents are released is different than previous software,” Yossi Pik, co-founder and CTO of Backslash Security, told CyberScoop. While acknowledging that all software undergoes patching, Pik emphasized that the frequency of AI model updates is unprecedented. Claude Code has seen 16 different versions in the first half of 2026 alone, and OpenAI’s Codex has been updated 6 times. This rapid release cycle puts IT and security teams in a difficult position. Many developers, concerned about stability or operating in regulated environments where models must be vetted internally, wait days or weeks before upgrading. During that window, systems remain exposed to known vulnerabilities.
The report notes that auto-updates can mitigate some risk, but many organizations—especially those in air-gapped or compliance-heavy sectors—cannot simply accept every new version immediately. “You don’t have that much flexibility,” Pik explained. “Either I go to the latest and I’m getting a less stable version, or I’m waiting for a few days or week until I can install it, and hope that nothing would happen during this time.”
Anthropic has addressed every issue Backslash identified, and the report is not intended to criticize the company’s security practices. Instead, it aims to raise awareness about the new class of security exposures that AI integration introduces. Unlike traditional software patches, many vulnerabilities in AI coding tools are unique to large language models—such as prompt injection or data leakage through model output—and require organizations to rethink their update policies. Backslash recommends that companies assess their tolerance for risk and develop clear protocols for evaluating and deploying AI model updates, rather than relying on ad hoc decisions.
The findings come amid growing scrutiny of AI supply chain security. As AI coding assistants become indispensable to software development, the trade-off between performance and security will only intensify. The Backslash report serves as a reminder that the convenience of rapidly improving AI tools carries hidden costs, and that organizations must proactively manage these risks to avoid becoming the next victim of an AI-related breach.