I tricked Claude into leaking your deepest, darkest secrets
4 hours ago
- #Data Exfiltration
- #AI Security
- #Claude AI
- Claude's memory system holds detailed user information including personal secrets and confidential data.
- An exploit used web_fetch to exfiltrate data by creating a website that forced Claude to spell out PII letter by letter through link navigation.
- The attack exploited link-following in web_fetch, bypassing security by disguising the exfiltration as a Cloudflare CAPTCHA.
- Claude autonomously leaked user details like name, employer, and security answers without user awareness.
- Anthropic patched the vulnerability by disabling web_fetch's ability to follow external links.