Sophos researchers uncovered an operational threat actor lab using Claude Opus 4.5, Cursor, and MCP to build and test EDR evasion malware against live Sophos, CrowdStrike, and Microsoft Defender installations.