
Recent articles in the Wall Street Journal, Forbes and The Conversation forewarn that a new model of AI from Anthropic is able to identify bugs and vulnerabilities, "in every major operating system and every major web browser". For example, the model found a 27 year old vulnerability in OpenBSD and a 16 year old vulnerability in FFmpeg.
Other systems such as content management systems and add-ons are presumably also affected.
Anthropic has apparently decided against releasing the model to the public in the meantime because of the potential risks.
Given the seriousness of this situation, website owners should urgently update all systems to supported versions and promptly apply updates as they are released to minimise risks.
WordPress
As per the official documentation, "The only current officially supported version is the last major release of WordPress". As at 17th April 2026, anything other than WordPress version 6.9.4 is potentially at risk.
Regularly check for new versions and update promptly.
Joomla
Similarly with Joomla, anything other than the latest Joomla 5.x and 6.x releases (currently Joomla version 5.4.5 and Joomla version 6.1.0) including Joomla 3.x and Joomla 4.x are potentially at risk.
Regularly check for new versions and update promptly.
All Content Management Systems
Remove unused add-ons, themes and templates.
Minimise the number of add-ons, themes and templates.
Update the remaining third party add-ons, themes and templates to the latest versions. Regularly check for new versions and update promptly. Consider automating updates.
Look into security hardening options. Use free or paid online security scanners that can scan your website, identify weaknesses and suggest ways to fix vulnerabilities.
Many security precautions are simple and easy to implement such as enabling security headers by setting up the plugin included in the latest versions of Joomla or adding a few suitable lines to your .htaccess file or similar.
PHP
Make sure your website is running on a supported version of PHP.
Anything other than PHP version 8.2 and later is potentially at risk.
Good Quality Web Hosting
Make sure you are hosting with a good quality web hosting provider that will update servers promptly when necessary.
Backups
Take regular backups and copy the backup files off-site.
Have long retention dates on backups as it's not always immediately obvious that your website has been hacked.
Other Sensible Security Measures
Other things you can do include updating phones, computers, laptops, browsers and routers. Devices that are no longer supported should be replaced.
Use strong passwords and use a password manager to help manage your passwords.
Enable multi-factor authentication wherever possible.
Pay attention to security notices and promptly follow through with updates and other relevant advice.