Anthropic· Security· San Francisco, CA
Security Labs Engineer
Classified Tasks (19)
Automate 0%Augment 79%Human-Only 21%
Augment (15)
AI assists, human decides
Execute short-duration projects (on the order of weeks) from prototype to handoff or wind-down.
operational
Hand off completed projects to the Anthropic team that will own them in production.
operational
Wind down unsuccessful projects and write up findings and lessons learned.
analytical
Stand up a prototype high-assurance research cluster.
technical
Identify exactly where productivity breaks under extreme isolation in research workflows.
analytical
Design and implement cryptographic verification schemes to prove that a given output came from a specific model running specific code.
technical
Implement zero-knowledge proofs and attestation-chain mechanisms for provable inference.
technical
Replace the container runtime with a hypervisor-isolated microVM substrate across the fleet.
technical
Deploy hypervisor-isolated microVMs across infrastructure to protect workload integrity.
technical
Design and implement architecture changes to ensure a compromised host cannot affect workload integrity.
technical
Compile an ML kernel through a formally verified compilation pipeline.
technical
Produce machine-checked proofs of equivalence for every lowering step in the ML compilation pipeline.
technical
Evaluate whether core research workflows can survive extreme isolation.
analytical
Design cryptographic guarantees to replace implicit trust in system components.
technical
Investigate and prototype using models themselves as effective security controls.
technical
Human-Only (4)
Requires human judgment
Run a portfolio of high-risk, high-expected-value security research projects.
leadership
Run real Anthropic training and research workloads under extreme isolation and physical security controls.
technical
Determine and specify inventions or changes required to restore productivity in isolated research environments.
creative
Define what would be required to defend against a tier-1 state adversary and build feasible defensive components now.
leadership
Job description
About Anthropic Anthropic’s mission is to create reliable, interpretable, and steerable AI systems. We want AI to be safe and beneficial for our users and for society as a whole. Our team is a quickly growing group of committed researchers, engineers, policy experts, and business leaders working together to build beneficial AI systems. About the Role Frontier AI is on track to be among the most consequential and most adversarially-targeted technology in the world. The capability curve is steep, the adversaries who want these systems are extremely well-resourced, and the security bar this will eventually require is well beyond where the industry operates today. Incremental hardening alone is not going to close that gap, so we need breakthroughs and a group of people to go find them. Security Labs is that team. We run a portfolio of high-risk, high-expected-value security projects: the work that seems impractical until someone optimistic and stubborn enough actually tries it. Projects run on the order of weeks rather than quarters, and each one is either handed off to the Anthropic team that will own it in production or wound down with a writeup of what we learned. We expect a meaningful fraction of our bets not to land. This is an experimental team and we expect a meaningful fraction of our bets not to land; the team itself is on a prove-out, engineers in this role need to be comfortable taking risks. If a 30% project success rate with that much ambiguity sounds uncomfortable or spending your time looking into uncharted and chaotic territory isn’t frightening and exciting, this probably isn't the right fit. There are other places in Anthropic Security doing important work with more structure, less risk, and more productive paths to positive outcomes. The questions we're trying to answer include: Can our core research workflows survive extreme isolation? Can we replace trust with cryptographic guarantees? Can the models themselves become our most effective security control? What would it actually take to defend against a tier-1 state adversary, and how much of that can we build now? Who we're looking for. We're hiring generalists with rare depth. You're a strong software engineer as a baseline, and on top of that you've gone deep in at least one area most engineers don't get near: firmware or hardware security, applied cryptography, OS / kernel / hypervisor internals, formal methods, reverse engineering, or high-assurance and cross-domain systems. You've built things under your own direction, you're comfortable jumping layers when the problem demands it, and you'd rather take a swing at something that might not work than ship the safe incremental thing. You think the trajectory of AI matters a great deal, you're not comfortable with how the security side of it is going by default, and you'd rather be on the inside building the answer than watching from outside. Current Project Areas The portfolio changes as we learn. The kinds of bets currently in flight or queued: Standing up a prototype high-assurance research cluster: running real Anthropic training and research workloads under extreme isolation and physical security controls, and finding out exactly where productivity breaks and what we'd need to invent to get it back Provable inference: cryptographic verification (zero-knowledge proofs, attestation chains) that a given output came from a specific model running specific code, replacing "trust us" with math Swapping our container runtime for a hypervisor-isolated microVM substrate across the fleet, so a compromised host can't touch workload integrity Compiling an ML kernel through a formally verified pipeline where every lowering step carries a machine-checked proof of equivalence, making compilation-laye