
Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   CONSPRCY      How big is your tinfoil hat?      2,445 messages   


   Message 1,901 of 2,445   
   Mike Powell to All   
   Claude can be tricked int   
   01 Nov 25 09:46:22   
   
   TZUTC: -0500   
   MSGID: 1658.consprcy@1:2320/105 2d6b59b8   
   PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   FORMAT: flowed   
   Claude can be tricked into sending your private company data to hackers - all   
   it takes is some kind words   
      
   Date:   
   Fri, 31 Oct 2025 18:28:00 +0000   
      
   Description:   
   An attacker can manipulate Claude via prompt injection to exfiltrate user data   
      
   FULL STORY   
      
   Claude, one of the more popular AI tools out there, carries a vulnerability
   which allows threat actors to exfiltrate private user data, experts have
   warned.
      
   Cybersecurity researcher Johann Rehberger, AKA Wunderwuzzi, recently wrote
   an in-depth report on his findings. At the heart of the problem is Claude's
   Code Interpreter, a sandboxed environment that lets the AI write and run
   code (for example, to analyze data or generate files) directly within a
   conversation.
      
   Recently, Code Interpreter gained the ability to make network requests, which   
   allows it to connect to the internet and, for example, download software   
   packages.   
      
   Keeping an eye on Claude    
      
   By default, Anthropic's Claude is supposed to access only safe domains like
   GitHub or PyPI, but among the approved domains is api.anthropic.com (the same
   API Claude itself uses), which opened the door for exploitation.
      
   Wunderwuzzi showed he was able to trick Claude into reading private user
   data, saving that data inside the sandbox, and uploading it to his Anthropic
   account using his own API key, via Claude's Files API.
      
   In other words, even though the network access seems restricted, the attacker   
   can manipulate the model via prompt injection to exfiltrate user data. The   
   exploit could transfer up to 30 MB per file, and multiple files could be   
   uploaded.    
      
   Wunderwuzzi disclosed his findings to Anthropic via HackerOne, and even    
   though the company initially classified it as a model safety issue, not a   
   security vulnerability, it later acknowledged that such exfiltration bugs are   
   in scope for reporting. At first, Anthropic said users should "monitor Claude
   while using the feature and stop it if you see it using or accessing data
   unexpectedly."
      
   A subsequent update said: "Anthropic has confirmed that data exfiltration
   vulnerabilities such as this one are in-scope for reporting, and this issue
   should not have been closed as out-of-scope," he said in the report. "There
   was a process hiccup they will work on addressing."
      
   His suggestion to Anthropic is to limit Claude's network communications to the
   user's own account only, and users should monitor Claude's activity closely or
   disable network access if concerned.
      
    Via The Register    
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/claude-can-be-tricked-into-sending-your-private-company-data-to-hackers-all-it-takes-is-some-kind-words
      
   $$   
   --- SBBSecho 3.28-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
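As an added example, not code from the article, from Rehberger's report or from Anthropic: a hypothetical egress policy for a code-interpreter sandbox that implements the mitigation the post suggests, allowing the vendor's own API host only when the request is authenticated with the session owner's key rather than any key at all. The host allowlist, the `x-api-key` header name, the keys and the sample requests are all assumptions constructed for the illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Hypothetical egress allowlist for a code-interpreter sandbox (illustration only).
ALLOWED_HOSTS = {"github.com", "pypi.org", "files.pythonhosted.org", "api.anthropic.com"}
# Allowlisted hosts that also accept authenticated uploads, mapped to the header that
# carries the credential (header name assumed). Requests here must use the session
# owner's own key, so an upload authenticated with a third party's key is refused.
ACCOUNT_BOUND_HOSTS = {"api.anthropic.com": "x-api-key"}

def fingerprint(secret):
    """Hash a credential so the policy can compare keys without storing them."""
    return hashlib.sha256(secret.encode()).hexdigest()

def check_egress(url, headers, owner_key_fp):
    """Decide whether one outbound request from the sandbox may proceed."""
    host = (urlsplit(url).hostname or "").lower()
    if host not in ALLOWED_HOSTS:
        return False, f"blocked: host {host!r} is not on the allowlist"
    cred_header = ACCOUNT_BOUND_HOSTS.get(host)
    if cred_header is None:
        return True, f"allowed: {host} is allowlisted"
    # Header names are case-insensitive; normalise before looking up.
    presented = {k.lower(): v for k, v in headers.items()}.get(cred_header)
    if presented is None:
        return False, f"blocked: {host} request carries no {cred_header} header"
    if not hmac.compare_digest(fingerprint(presented), owner_key_fp):
        return False, f"blocked: {host} credential is not the session owner's key"
    return True, f"allowed: {host} credential matches session owner"

# Constructed sample session and requests (not real keys or captured traffic).
OWNER_KEY_FP = fingerprint("sk-constructed-owner-key")
SAMPLE_REQUESTS = [
    ("https://pypi.org/simple/requests/", {}),
    ("https://api.anthropic.com/v1/files", {"X-Api-Key": "sk-constructed-owner-key"}),
    ("https://api.anthropic.com/v1/files", {"x-api-key": "sk-constructed-other-key"}),
    ("https://upload.example.invalid/exfil", {}),
]

def evaluate(requests=SAMPLE_REQUESTS, owner_key_fp=OWNER_KEY_FP):
    """Run each request through the policy, log the decision, return the verdicts."""
    decisions = []
    for url, headers in requests:
        allowed, reason = check_egress(url, headers, owner_key_fp)
        print(f"{'ALLOW' if allowed else 'DENY':5} {url} ({reason})")
        decisions.append(allowed)
    return decisions
```

The third sample request is the shape of the problem described above: an allowlisted host, but a credential that belongs to someone other than the session owner, so the policy denies it and logs why.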
      



(c) 1994,  bbs@darkrealms.ca