Skip to content
AnthropicAnthropicSan Francisco, CA

Threat Intel Manager, Model Exploitation & Fraud

Lead the Model Exploitation & Fraud team in Threat Intelligence at Anthropic. Set strategy, hire and manage technical investigators, direct complex investigations into AI model distillation, account abuse, and fraud networks, and engage with U.S. government partners. Requires management experience with senior ICs, domain expertise in scaled abuse, and proficiency in SQL/Python.

375k – 455k
Hybrid8+ YOESecurity Engineering

About the role

Key Responsibilities

  • Own strategy, priorities, and outcomes for the Model Exploitation & Fraud mission area; define what we detect, investigate, action, and share.
  • Hire, manage, and develop a team of technical threat investigators; set the quality bar for casework and intelligence reporting.
  • Design clear lanes between this role and the team's senior individual contributors: strategy, people leadership, and program ownership sit with you, while ownership of the deepest technical investigations and tradecraft stays with the senior experts closest to the work.
  • Capable of independently leading complex investigations.
  • Direct, prioritize, and resource complex investigations into model distillation, unauthorized AI R&D usage, unauthorized access, coordinated account abuse, and fraud/scam networks, partnering with the senior investigators who lead the deepest technical casework and clearing blockers from their path.
  • Drive the redesign of triage for a very high-volume detection pipeline: partner with investigators and engineering to build abuse signals, clustering, and agentic investigation workflows that separate sophisticated actors from noise.
  • Expand the team's coverage into fraud and scams, building the detection and investigation playbooks from the ground up.
  • Own the external engagement program for the area, including regular intelligence sharing with U.S. government partners and industry peers, ensuring the investigators driving the work are visible in those channels.
  • Anticipate how resellers, proxies, and third-party platforms change the abuse surface, and shape coverage accordingly.
  • Work with policy, enforcement, and engineering to convert findings into bans, product mitigations, and safety-by-design improvements.
  • Define and report the team's metrics; brief Safeguards and company leadership on the threat landscape.

Minimum Qualifications

  • Have led and managed investigative, fraud, platform integrity, or threat intelligence teams, ideally ones built around senior, deeply specialized individual contributors.
  • Have strong domain fluency in scaled abuse — fraud patterns, account abuse, unauthorized access, or platform exploitation economics — sufficient to set priorities, pressure-test findings, and earn the confidence of expert investigators.
  • Are proficient enough in SQL and Python to review data-heavy casework, pressure-test conclusions, and provide surge capacity when the team needs it.
  • Have experience overseeing investigations that track threat actors across surface, deep, and dark web environments, including reseller and access-broker communities.
  • Have working familiarity with large language models and a strong grasp of how models can be distilled, extracted, or exploited at scale.
  • Have built processes, detection systems, or programs from scratch and can show what changed because of them.
  • Communicate crisply with executives, engineers, and external partners alike.

Preferred Qualifications

  • Experience at a major technology platform on trust and safety, fraud, or abuse investigations at scale.
  • Background in financial crime investigation or fraud analytics.
  • Experience working directly with U.S. government stakeholders on threat reporting.
  • A track record of partnering with, growing, and retaining senior technical specialists, including defining clear scope between management and senior IC tracks.
  • Fluency in Mandarin Chinese and/or Russian with nuanced regional and geopolitical context.
  • Active Top Secret security clearance.

Education and Experience

  • Minimum education: Bachelor’s degree or an equivalent combination of education, training, and/or experience.
  • Required field of study: A field relevant to the role as demonstrated through coursework, training, or professional experience.
  • Minimum years of experience: Years of experience required will correlate with the internal job level requirements for the position.

Skills

SQLPythonThreat IntelligenceFraud DetectionModel DistillationAccount AbuseDark Web InvestigationLLMsGovernment Engagement
Anthropic

Threat Intel Manager, CBRN-E & Advanced Weapons

AnthropicSan Francisco, CA +2

Lead and build Anthropic's CBRN-E & Advanced Weapons threat intelligence team. Investigate and disrupt AI misuse for chemical, biological, radiological, nuclear, explosives, and novel weapons development; manage investigators, engage government partners, and inform AI safety strategies. Requires deep biosecurity/weapons expertise, team leadership, and LLM knowledge.

375k – 455k
Hybrid7+ YOESecurity Engineering
OpenAI

Global Detection and Response Lead

OpenAISan Francisco, CA

Leads global cybersecurity detection and response operations at OpenAI, overseeing monitoring, incident response, and team building. Requires 10+ years in cybersecurity, deep expertise in detection engineering and observability stacks, and US security clearance eligibility.

347k – 490k
On-site10+ YOESecurity Engineering
Anthropic

Software Security Engineering Manager, Secure Frameworks

AnthropicSan Francisco, CA +1

Lead the Secure Frameworks Research team at Anthropic to build high-leverage security libraries and frameworks (cryptographic, serialization, authorization) that prevent vulnerabilities in AI model development. Manage engineers, drive adoption across teams, and balance security rigor with development velocity; requires 5+ years security/software engineering and 3+ years managing security teams.

405k – 485k
Hybrid8+ YOESecurity Engineering
Anthropic

Platform Security Engineering - OpenBMC

AnthropicSan Francisco, CA +2

Founding engineer building and securing OpenBMC firmware for x86/Arm server fleets. Own production firmware, manageability features, and security hardening including secure boot, attestation, and threat modeling.

405k – 405k
Hybrid8+ YOESecurity Engineering
Anthropic

Platform Hardware Security Engineer

AnthropicSan Francisco, CA +2

Design and implement security architectures for bare-metal infrastructure including secure boot chains, attestation systems, and firmware security for AI training hardware. Requires expertise in low-level systems security, cryptographic protocols, and hardware root of trust technologies.

405k – 405k
Hybrid8+ YOESecurity Engineering