
Claude Can Be Tricked Into Sending Your Private Company Data to Hackers - All It Takes Is Some Kind Words
Why It Matters
The flaw enables malicious actors to steal sensitive corporate data through a widely used generative AI, raising security concerns for enterprises that rely on Claude for data analysis. It underscores the need for stricter sandbox controls and prompt-injection defenses across AI platforms.
Summary
Anthropic’s Claude AI tool contains a vulnerability in its Code Interpreter that can be exploited via prompt injection to exfiltrate private user data. The interpreter, recently given network request capability, can be tricked into reading files, storing them in the sandbox and uploading them to an attacker’s Anthropic account using the Files API, with up to 30 MB per file. Researcher Johann Rehberger disclosed the issue through HackerOne; Anthropic initially classified it as a model safety issue but later acknowledged it as a security bug and said exfiltration bugs are in scope. The report recommends restricting Claude’s network calls to the user’s own account and monitoring or disabling network access.
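The mitigation the report recommends (only allow the interpreter's network calls to reach the user's own account, and monitor the rest) can be enforced at an egress proxy in front of the sandbox. The following is an added example, not code from the article or from Anthropic: it applies that policy to a few constructed egress records. The log fields, the account identifiers and the `/v1/files` path are assumptions, as is the premise that the proxy can resolve the credential on each request to an account id.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed upload endpoint path and allowlisted API host (not taken from the page).
FILES_API_PATH = "/v1/files"
ALLOWED_HOST = "api.anthropic.com"
# Per-file size the page says the Files API accepts; used here as a volume alarm.
MAX_FILE_BYTES = 30 * 1024 * 1024


@dataclass
class EgressEvent:
    session_owner: str  # account that started the Claude session (assumed field)
    host: str
    method: str
    path: str
    account_id: str     # account the presented credential resolves to (assumed field)
    bytes_out: int


def classify(ev: EgressEvent) -> Optional[str]:
    """Return None if the request is allowed, otherwise the reason to block/alert."""
    if ev.host != ALLOWED_HOST:
        return "non-allowlisted host"
    if ev.method == "POST" and ev.path.startswith(FILES_API_PATH):
        # The exfiltration path on the page: an upload authenticated with a
        # credential that belongs to someone other than the session owner.
        if ev.account_id != ev.session_owner:
            return "files-api upload with credential from another account"
        if ev.bytes_out > MAX_FILE_BYTES:
            return "upload exceeds per-file limit"
    return None


def audit(events: List[EgressEvent]) -> List[Tuple[EgressEvent, str]]:
    """Run the policy over a batch of egress records and return the flagged ones."""
    return [(ev, reason) for ev in events if (reason := classify(ev)) is not None]


# Constructed sample records: one benign upload, one upload using a foreign
# account's credential, one request to an unrelated host, one ordinary API call.
EVENTS = [
    EgressEvent("acct_alice", ALLOWED_HOST, "POST", "/v1/files", "acct_alice", 20_480),
    EgressEvent("acct_alice", ALLOWED_HOST, "POST", "/v1/files", "acct_mallory", 5_000_000),
    EgressEvent("acct_alice", "example.invalid", "POST", "/upload", "acct_alice", 1_024),
    EgressEvent("acct_alice", ALLOWED_HOST, "POST", "/v1/messages", "acct_alice", 512),
]

if __name__ == "__main__":
    for ev, reason in audit(EVENTS):
        print(f"ALERT session={ev.session_owner} {ev.method} {ev.host}{ev.path}: {reason}")
```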