Running Claude Code or Claude in Chrome? Here's the audit matrix for every blind spot your security stack misses

Between May 6 and 7, four security research teams published findings about Anthropic’s Claude that most outlets covered as three separate stories. One involved a water utility in Mexico, another targeted a Chrome extension, and a third hijacked OAuth tokens through Claude Code. In one case, Claude identified a water utility’s SCADA gateway without being told to look for one.

These are not three bugs. They are one architectural question playing out on three surfaces. No single patch released so far addresses all of them.

The common thread is the confused deputy, a trust-boundary failure where a program with legitimate authority executes actions on behalf of the wrong principal. In each case, Claude held real capabilities on every surface and handed them to whoever showed up. An attacker probing a water utility's network. A Chrome extension with zero permissions. A malicious npm package rewriting a config file ...