
Anthropic’s DXT poses “critical RCE vulnerability” by running with full system privileges
When LayerX Security published a report on Monday describing what it called “a critical zero-click RCE vulnerability in [Anthropic’s] Claude Desktop Extensions (DXT) that allows a malicious Google Calendar invite to silently compromise an entire system,” analysts, consultants, security leaders, and even Anthropic didn’t dispute the facts. But the revelation did reignite the debate about whether it is the responsibility of AI vendors to ship buttoned-down, secure products, or whether it is the CISOs’ responsibility to change settings to fit their business environment.

“Unlike traditional browser extensions, Claude Desktop Extensions run unsandboxed with full system privileges. As a result, Claude c...