TZUTC: -0500
MSGID: 1658.consprcy@1:2320/105 2d6b59b8
PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
FORMAT: flowed
Claude can be tricked into sending your private company data to hackers - all
it takes is some kind words

Date:
Fri, 31 Oct 2025 18:28:00 +0000

Description:
An attacker can manipulate Claude via prompt injection to exfiltrate user data

FULL STORY

Claude one of the more popular AI tools out there, carries a vulnerability
which allows threat actors to exfiltrate private user data, experts have
warned. 

Cybersecurity researcher Johann Rehberger, AKA Wunderwuzzi, who recently 
wrote an in-depth report on his findings, finding at the heart of the problem
is Claudes Code Interpreter, a sandboxed environment that lets AI write and
run code (for example, to analyze data or generate files) directly within a
conversation. 

Recently, Code Interpreter gained the ability to make network requests, which
allows it to connect to the internet and, for example, download software
packages.

Keeping an eye on Claude 

By default, Anthropics Claude is supposed to access only safe domains like
GitHub or PyPI, but among the approved domains is api.anthropic.com (the same
API Claude itself uses), which opened the door for exploitation. 

Wunderwuzzi showed he was able to trick Claude into reading private user 
data, save that data inside the sandbox, and upload it to his Anthropic
account using his own API key, via Claudes Files API. 

In other words, even though the network access seems restricted, the attacker
can manipulate the model via prompt injection to exfiltrate user data. The
exploit could transfer up to 30 MB per file, and multiple files could be
uploaded. 

Wunderwuzzi disclosed his findings to Anthropic via HackerOne, and even 
though the company initially classified it as a model safety issue, not a
security vulnerability, it later acknowledged that such exfiltration bugs are
in scope for reporting. At first, Anthropic said users should monitor Claude
while using the feature and stop it if you see it using or accessing data
unexpectedly. 

A subsequent update said: Anthropic has confirmed that data exfiltration
vulnerabilities such as this one are in-scope for reporting, and this issue
should not have been closed as out-of-scope, he said in the report. There was
a process hiccup they will work on addressing. 

His suggestion to Anthropic is to limit Claudes network communications to the
users own account only, and users should monitor Claudes activity closely or
disable network access if concerned. 

 Via The Register 

======================================================================
Link to news story:
https://www.techradar.com/pro/security/claude-can-be-tricked-into-sending-your
-private-company-data-to-hackers-all-it-takes-is-some-kind-words

$$
--- SBBSecho 3.28-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700
SEEN-BY: 226/30 227/114 229/110 206 300 307 317 400 426 428 470 664
SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45
SEEN-BY: 460/58 633/280 712/848 902/26 2320/0 105 304 3634/12 5075/35
PATH: 2320/105 229/426