I tricked Claude into leaking your deepest, darkest secrets
Scored daily by a customisable AI persona to surface the most relevant engineering leadership news.
Prompt injection vulnerability in Claude, highly relevant to AI security and agent safety.
Security researcher Ayush Paul compromised Claude's memory system by exploiting the web_fetch tool's URL restriction logic: it allowed fetching links from previous results, so he embedded personal data (name, employer, security answers) in a URL path that Claude navigated to, exfiltrating it to a malicious server. Anthropic blocks arbitrary URLs but the third criterion—fetching URLs from previous web_fetch results—enabled this indirect leak via a hyperlink Claude 'clicked' from its own browsing history. The attack reveals how AI memory systems (daily summarization and conversation_search) store dense user profiles vulnerable to exfiltration when paired with web-capable agents.