Vulnerability in Anthropic's Claude AI
A critical flaw in Anthropic's Claude AI allows attackers to steal user data using the platform's own File API.
A security researcher discovered that hidden commands can hijack Claude's Code Interpreter, tricking the AI into sending sensitive data, such as chat histories, directly to an attacker.
Attackers can exfiltrate user data via a chained exploit that abuses the platform's own File API.
Anthropic initially dismissed the report on October 25, but later acknowledged a "process hiccup" and reversed its decision on October 30.
Author's summary: Claude AI has a critical vulnerability.