Interesting that the submission just before this is about:

Anthropic response to 1-click pwn: Shouldn't have clicked 'ok': https://news.ycombinator.com/item?id=48057836

This makes me think a bit more about this CVE more too.

Anthropic lately has been really trying to burn any/every good will that they have it seems. Also a bit ironical about how the most dangerous model (Mythos) which can find CVE in other projects wasn't able to find this CVE within the claude-code project itself.