An attacker exploited indirect prompt injections to access user data via Anthropic’s Claude AI, leveraging the Files APIs and network access features. This vulnerability allows exfiltration of up to 30MB of data, including chat conversations, by hijacking the AI’s interactions with external APIs. #Claude #AnthropicAPIs
Key points
- An attacker used indirect prompt injections to exfiltrate data from Anthropic’s Claude AI.
- The attack exploits Claude’s Files API and network access to retrieve user data.
- Up to 30MB of data, including chat memories, can be exfiltrated in a single attempt.
- The vulnerability was initially classified as a model safety issue by Anthropic, but later recognized as a security vulnerability.
- Mitigation strategies are recommended to prevent similar data exfiltration attacks on AI models with network access.
Read More: https://www.securityweek.com/claude-ai-apis-can-be-abused-for-data-exfiltration/