
What are the security risks of Claude API hallucinations?

Claude can hallucinate API endpoints, function signatures, and library methods that do not exist, leading developers to implement code based on incorrect assumptions. This is a security risk when the hallucinated API patterns bypass security controls that the real API provides, or when developers create workarounds for non-existent limitations. Claude may also reference outdated library versions with known vulnerabilities or suggest deprecated authentication methods that are no longer considered secure. Hallucinated configuration options can lead to applications running with weaker security settings than intended. UNPWNED helps catch the downstream effects of these hallucinations by testing the actual security behavior of your deployed application.
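One way to catch hallucinated function names before they reach a deployment is to resolve every `module.attribute` reference in generated code against the library that is actually installed. The sketch below is an added example, not UNPWNED's code; `GENERATED`, `find_unresolved` and `_exists` are hypothetical names, and the sample snippet is constructed.

```python
import ast
import importlib

# Constructed sample of assistant-generated code. Two of the calls do not
# exist in the standard library (the real ones are hmac.compare_digest and
# ssl.create_default_context).
GENERATED = '''
import hmac, ssl, secrets
import hashlib as hl

def verify(sig, expected):
    return hmac.secure_compare(sig, expected)

ctx = ssl.create_secure_context()
token = secrets.token_hex(16)
digest = hl.sha256(b"x").hexdigest()
'''

def _exists(modname, attr):
    """True if modname.attr resolves to an attribute or a submodule."""
    try:
        module = importlib.import_module(modname)
    except ImportError:
        return False  # the module itself is missing or not installed
    if hasattr(module, attr):
        return True
    try:
        importlib.import_module(f"{modname}.{attr}")  # e.g. xml.dom
        return True
    except ImportError:
        return False

def find_unresolved(source):
    """Return sorted (line, 'module.attr') pairs the installed code lacks."""
    tree = ast.parse(source)
    aliases = {}  # local name -> real module name
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                top = a.name.split(".")[0]
                aliases[a.asname or top] = a.name if a.asname else top
    missing = set()
    for node in ast.walk(tree):
        if (isinstance(node, ast.Attribute) and isinstance(node.value, ast.Name)
                and node.value.id in aliases
                and not _exists(aliases[node.value.id], node.attr)):
            missing.add((node.lineno, f"{aliases[node.value.id]}.{node.attr}"))
    return sorted(missing)

if __name__ == "__main__":
    for line, name in find_unresolved(GENERATED):
        print(f"line {line}: {name} does not exist in the installed library")
```

Importing a module executes its top-level code, so run a check like this inside the same isolated environment where the dependencies are installed.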

Last reviewed: 2026-04-07. Based on publicly available security research and UNPWNED scan telemetry.