Tego AI Finds Claude Tag Slack Integration Can Trigger Unauthorized Enterprise Actions

Cybersecurity start-up Tego AI reveals that the new Anthropic’s native slack integration, Claude Tag, can be triggered by non-intentional Slack content and drive unauthorized actions across enterprise systems

Tego AI

TEL AVIV, Israel, July 14, 2026 (GLOBE NEWSWIRE) -- Tego AI, a cybersecurity company, published new research identifying a potentially critical security weakness in Claude Tag, Anthropic’s native integration between Claude and Slack. Researchers observed Claude Tag responding to messages containing the literal text “@Claude” without requiring a genuine structural Slack mention. As a result, content delivered through bots, webhooks, automated feeds, or other external sources could potentially be interpreted as instructions.

The research demonstrated the potential impact through a connected internal organizational resource. Bot-generated messages instructed Claude Tag to retrieve internal information, publish it into Slack, and subsequently delete the original resource using the organization’s configured connection.

The video below demonstrates the observed behavior and its potential impact on connected organizational systems.

https://www.youtube.com/embed/WLraBvCQxM8 

“Our research raises a fundamental question for every organization deploying enterprise AI agents: who is actually authorized to instruct the agent?” said Tal Melamed, CTO and Co-Founder of Tego AI. “Organizations need controls that validate the origin and purpose of sensitive actions before an agent is allowed to execute them.”

The research also identified broader concerns involving untrusted automated content becoming an indirect instruction channel, connected applications and MCP servers expanding the potential impact, administrative access to stored channel information outside Slack’s native membership model, and limited visibility through existing history, compliance, and audit interfaces.

“A safety classifier can be an important defense, but it should not be the final authorization boundary for enterprise actions,” Melamed added. “Sensitive operations require deterministic controls that remain effective even when the model misunderstands a request, trusts the wrong identity, or makes an incorrect decision.”

Tego AI recommends applying least-privilege permissions to Claude Tag connections, preferring read-only access, avoiding channels that ingest untrusted external content, restricting administrative access, retaining relevant Slack logs, and introducing independent runtime authorization for sensitive actions.

Tego AI responsibly disclosed the findings to Anthropic. Anthropic classified the submission as informative and disputed that literal “@Claude” text or bot-generated messages initiate Claude Tag sessions under the product’s default configuration. Tego AI’s full report documents the observed behavior, supporting evidence, security implications, and disclosure timeline.

Read the full technical report, including supporting evidence and the disclosure timeline: https://www.tego.ai/blog/tego-ai-finds-anthropics-claude-tag-slack-integration-can-trigger-unauthorized-enterprise-actions

About Tego AI

Tego AI is a cybersecurity company developing runtime security and control technology for enterprise AI agents. Its platform helps organizations monitor agent activity and stop unauthorized or risky actions before agents access sensitive data or connected systems.
Tego AI currently operates in stealth. This is the company's second public security disclosure. According to Tego AI, it has identified additional security issues across other major AI agent platforms, with further disclosures planned.

Contact

CTO
Tal Melamed
Tego AI
tal@tego.ai

A photo accompanying this announcement is available at https://www.globenewswire.com/NewsRoom/AttachmentNg/b8057080-4eb9-498e-9e15-8279fef502d5


Primary Logo

Tego AI

Tego AI

Legal Disclaimer:

EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.

Share this page:

Advanced Search Options

Search for:

Search scope:

Type:

Search in:

Date range:

The last

Sort by:

Sign up for:

Tel Aviv Free Press

The daily local news briefing you can trust. Every day. Subscribe now.

By signing up, you agree to our Terms & Conditions.