An independent security researcher has published what they call the complete documentary record of a ninety-four-day disclosure process that yielded essentially nothing from Anthropic regarding a critical vulnerability in Claude language models. Malinor, who identifies as an AI security researcher with an emphasis on child safety in commercial AI systems, reported the flaw—which permits unsolicited generation of prohibited content including CSAM and CBRN material—to Anthropic on February 17, 2026 through fourteen distinct communication channels across both vendor-side and regulatory pathways.
The Disclosure Timeline
According to the published documentation, Anthropic's own automated routing system directs model safety issues to modelbugbounty@anthropic.com. That channel produced zero responses of any kind—automated or human—across the entire ninety-four-day disclosure period. The only two human-authored communications received from Anthropic came from a single Safeguards handler on February 27, 2026, approximately sixteen minutes apart and roughly four business days beyond the company's publicly stated three-business-day commitment window. The first response classified the vulnerability report as "feedback and thoughtful suggestions." The second simply forwarded the matter to an unnamed security team. No substantive follow-up ever arrived. Of the four Anthropic channels used in the first week alone, only one generated any reply—and that reply dismissed a critical safety finding as suggestion-box material.
Opus 4.7 Ships With Vulnerability Intact
Perhaps most damning: Claude Opus 4.7 shipped on April 16, 2026—fifty-eight days into the active disclosure window—with the vulnerability still present in production systems. Malinor re-reported the issue three days after release and received no response to that follow-up either. The reporting account was never restricted despite repeated documented generation of content that violates Anthropic's own published policies.
Regulatory Channels Explored
Beyond direct vendor contact, eight U.S. regulatory and oversight bodies were included in the disclosure process. The researcher also submitted findings through HackerOne, which dismissed both reports. All regulatory submission confirmations are referenced in the evidence directory of the public repository, though technical verification of the vulnerability claims is reserved for authorized institutional reviewers under separate protocol.
Technical Paper Released
The full technical documentation appears in paper_v4.0.md, covering architecture analysis, methodology, findings across Claude 4.5 Haiku, Opus 4.6, Sonnet 4.6, and Opus 4.7 configurations, root cause analysis, and proposed mitigations. Malinor notes that independent security researchers have the same access to Claude Code used for testing and can evaluate the technical claims independently.
Anthropic's Stated Commitments Questioned
The disclosure report cross-references the silence against Anthropic's published Responsible Disclosure Policy, Coordinated Vulnerability Disclosure Policy, and Child Safety Commitments—including Anthropic's signatory status with Thorn's Safety by Design for Generative AI principles. The researcher leaves it to readers to draw conclusions about the gap between stated policy and actual response.
Key Takeaways
- Anthropic's modelbugbounty@anthropic.com inbox produced zero automated or human responses across 94 days despite being the company's own designated channel for safety issues
- Only two templated replies were received, both from a single handler, both dismissing critical findings as feedback rather than treating them as security vulnerabilities
- Claude Opus 4.7 shipped with the vulnerability still present, and a follow-up report three days post-release went unanswered
The Bottom Line
This isn't just a bad look for Anthropic—it's a pattern that should concern every enterprise customer taking its safety commitments at face value. When a researcher can document fourteen channels of silence on what the paper describes as CSAM-adjacent vulnerabilities, the industry's self-policing model deserves serious scrutiny. Malinor has done the community a service by publishing the receipts.