CYNIUS Data Protection in Artificial Intelligence (AI) integrated Security Operation

On 21 April 2026, CYNIUS applied for and was approved for Anthropic’s Cyber Verification Program (CVP) which will allow us to utilize Claude in high-risk dual-use scenarios such as red team operations, but not in prohibited uses such as mass data exfiltration or operations related to ransomware code development.

From 22 April 2026, CYNIUS will fully integrate Artificial Intelligence (AI), mainly Claude from Anthropic, into red team and blue team operations.

To provide transparency and promote understanding of how data is protected, this article will provide information about how data is treated, the measures in place to ensure the highest level of assurance possible, and ways for CYNIUS’ current clients to express concerns and ask questions.

Layers of protection transparency

Initially, all CYNIUS consultants and red teamers will be using Claude Team license, below are the protections in place. They consist of 8 layers (0-7):

  • Layers 0 and 1 are fully controlled by CYNIUS
  • Layers 2 through 7 are controlled by Anthropic
  • * Layer 2 is partially controlled by CYNIUS — specifically thumbs feedback — and is currently disabled
  • Full information on Anthropic’s privacy policy and controls can be found here.
CYNIUS

CYNIUS AI-in-the-loop privacy defense information diagram

Data flow protection with continuous intelligence alerting

LEGENDS:
Threat intel monitoring
CYNIUS control
Model design
Identity controls
Data filtering
Commercial policy
Legal rights
Layer 0 · Outermost
Continuous threat intelligence monitoring & SOC alerting
AI-assisted intel collection running in parallel to all operations — OSINT/TI feeds → AI analysis → triage → enriched brief → MS Teams SOC channel
↳ AI data submitted into this pipeline passes through all layers below
Layer 1 · CYNIUS control — pre-submission
Operational data sanitization
Client-identifying artifacts — hostnames, IPs, credentials, sector identifiers — are stripped or pseudonymized before any data enters the AI pipeline.
Pre-submission scrub Analyst-in-loop review Client data isolation
Layer 2 · Anthropic commercial policy
No training on Team/Enterprise data by default
Under commercial terms, Anthropic does not use prompts or outputs to train generative models. Structural — no configuration required. Admin can disable thumbs feedback to close the remaining opt-in vector.
Default off for commercial Opt-in required for training use Admin can disable thumbs feedback
Layer 3 · Identity controls
User ID de-linking before any training use
If data is used for training via explicit feedback, Anthropic automatically de-links it from user and organization IDs. Feedback is not combined with other conversation data.
Email removed Customer ID stripped No cross-chat combination
Layer 4 · Data filtering (Clio-derived)
Sensitive data filtering and obfuscation
Automated tools derived from Anthropic’s Clio privacy research detect and obfuscate sensitive tokens within training corpora before model ingestion.
PII detection Sensitive token obfuscation Privacy-preserving analysis
Layer 5 · Post-training techniques
Minimizing personal data in model outputs
Post-training techniques actively reduce the model’s ability to reproduce personal data from training, even if incidentally present. Memorization is minimized by design.
Output suppression training Memorization minimization
Layer 6 · Constitutional AI — model core
Model trained to refuse personal data disclosure
Constitutional AI principles (UDHR-grounded) instruct Claude to prefer responses with the least personal information and resist extraction prompts — even if prompted directly.
“Least personal info” principle Extraction-resistant UDHR-grounded
↓ innermost
Layer 7 · Legal rights — baseline floor
Data subject rights and deletion obligations
Right of access, right to deletion, right to object to processing — the legal backstop beneath all technical controls. Aligned with GDPR and PDPA obligations.
Right of access Right to deletion GDPR / PDPA aligned
Layer 0 runs continuously and independently of the data submission pipeline — monitoring supply chain breached intelligence that could affects CYNIUS AI usage pipeline and is in CYNIUS custody as layer 1. Layers 2–7 are Anthropic platform guarantees under commercial terms.

Concerns and Questions

Current CYNIUS’ clients that still have concerns about data and data protection regarding AI-in-the-loop operation can reach us at

[email protected]