Back to Feed
VulnerabilitiesJul 14, 2026

Tego AI Finds Claude Tag Slack Integration Can Trigger Unauthorized Enterprise Actions

Tego AI finds Anthropic's Claude Tag Slack integration can be triggered by non-intentional content.

Summary

Cybersecurity firm Tego AI has identified a security weakness in Anthropic's Claude Tag Slack integration. The integration can be triggered by literal text "@Claude" in messages from bots or automated feeds, potentially leading to unauthorized actions within enterprise systems. Tego AI demonstrated how this could be used to retrieve and delete internal resources, though Anthropic disputes the default configuration allows such actions.

Full text

Press ReleaseTego AI Finds Claude Tag Slack Integration Can Trigger Unauthorized Enterprise Actions Tel Aviv, Israel, 14th July 2026, CyberNewswire byCyberNewswireJuly 14, 20262 minute read Listen to this article 0:00 — ← 10s ▶ Play 10s → Speed 0.75× 1× 1.25× 1.5× 2× Voice Loading voices… Press play to start listening Tel Aviv, Israel, July 14th, 2026, CyberNewswire Cybersecurity start-up Tego AI reveals that the new Anthropic’s native slack integration, Claude Tag, can be triggered by non-intentional Slack content and drive unauthorized actions across enterprise systems. Tego AI, a cybersecurity company, published new research identifying a potentially critical security weakness in Claude Tag, Anthropic’s native integration between Claude and Slack. Researchers observed Claude Tag responding to messages containing the literal text “@Claude” without requiring a genuine structural Slack mention. As a result, content delivered through bots, webhooks, automated feeds, or other external sources could potentially be interpreted as instructions. The research demonstrated the potential impact through a connected internal organizational resource. Bot-generated messages instructed Claude Tag to retrieve internal information, publish it into Slack, and subsequently delete the original resource using the organization’s configured connection. The video below demonstrates the observed behavior and its potential impact on connected organizational systems. “Our research raises a fundamental question for every organization deploying enterprise AI agents: who is actually authorized to instruct the agent?” said Tal Melamed, CTO and Co-Founder of Tego AI. “Organizations need controls that validate the origin and purpose of sensitive actions before an agent is allowed to execute them.” The research also identified broader concerns involving untrusted automated content becoming an indirect instruction channel, connected applications and MCP servers expanding the potential impact, administrative access to stored channel information outside Slack’s native membership model, and limited visibility through existing history, compliance, and audit interfaces. “A safety classifier can be an important defense, but it should not be the final authorization boundary for enterprise actions,” Melamed added. “Sensitive operations require deterministic controls that remain effective even when the model misunderstands a request, trusts the wrong identity, or makes an incorrect decision.” Tego AI recommends applying least-privilege permissions to Claude Tag connections, preferring read-only access, avoiding channels that ingest untrusted external content, restricting administrative access, retaining relevant Slack logs, and introducing independent runtime authorization for sensitive actions. Tego AI responsibly disclosed the findings to Anthropic. Anthropic classified the submission as informative and disputed that literal “@Claude” text or bot-generated messages initiate Claude Tag sessions under the product’s default configuration. Tego AI’s full report documents the observed behavior, supporting evidence, security implications, and disclosure timeline. Read the full technical report, including supporting evidence and the disclosure timeline: https://www.tego.ai/blog/tego-ai-finds-anthropics-claude-tag-slack-integration-can-trigger-unauthorized-enterprise-actions About Tego AI Tego AI is a cybersecurity company developing runtime security and control technology for enterprise AI agents. Its platform helps organizations monitor agent activity and stop unauthorized or risky actions before agents access sensitive data or connected systems. Tego AI currently operates in stealth. This is the company’s second public security disclosure. According to Tego AI, it has identified additional security issues across other major AI agent platforms, with further disclosures planned. Contact CTOTal MelamedTego AI[email protected] Press ReleaseResearch Leave a Reply Cancel reply View Comments (0) Related Posts Read More Press Release Cyber A.I. Group Announces Substantial Expansion of Acquisition Pipeline Pipeline Will Support Company’s Highly Proactive Buy & Build Business Model byCyberNewswire Read More Press Release Archipelo and Checkmarx Announce Partnership Connecting AppSec Detection with DevSPM San Francisco, CA, United States, 3rd March 2026, CyberNewswire byCyberNewswire Read More Press Release GitGuardian Raises $50M Series C to Address Non-Human Identities Crisis and AI Agent Security Gap New York, NY, 11th February 2026, CyberNewswire byCyberNewswire Read More Press Release Criminal IP and OnTheHub Partner to Deliver Advanced Cybersecurity Solutions for Education Torrance, United States / California, 22nd January 2025, CyberNewsWire byCyberNewswire

Indicators of Compromise

  • url — https://www.tego.ai/blog/tego-ai-finds-anthropics-claude-tag-slack-integration-can-trigger-unauthorized-enterprise-actions

Entities

Claude Tag (product)Anthropic (vendor)Slack (product)Tego AI (vendor)AI agents (technology)