Voices
'Claudy Day': Three-Stage Attack Chain in Claude.ai Silently Exfiltrates Data via Anthropic's Own Files API
Security researchers disclosed a chained exploit in Claude.ai combining invisible prompt injection via URL parameters, silent data exfiltration routed through an attacker's Anthropic Files API account (bypassing conventional network monitoring), and an open redirect on claude.com abused via Google Ads. Anthropic patched the prompt injection vector post-disclosure but mitigations for the exfiltration and redirect flaws remain in progress. The attack's use of Anthropic's own infrastructure as the exfil channel is the most operationally novel detail.
Source
↳ Follow the thread