LayerX is asking the flaw “ClaudeBleed.”
“LayerX reported the flaw to Anthropic,” LayerX researcher Aviad Gispan stated in a weblog put up. “Anthropic replied that they have been already conscious of the problem and that it will be fastened within the subsequent model of the extension.” Nonetheless, Gispan added, Anthropic’s repair was partial, and the flaw can nonetheless be exploited.
The put up demonstrated other ways the flaw can nonetheless be exploited, together with sending a file from a Google Drive folder to an outsider, sending an e mail on behalf of a distant attacker, stealing code from a non-public repository on GitHub, and summarizing emails and sending them to an exterior consumer.
“ClaudeBleed is a helpful demonstration of why monitoring AI brokers on the immediate layer is basically inadequate,” stated Ax Sharma, head of analysis at Manifold Safety. “Essentially the most subtle a part of this assault isn’t the injection, however that the agent’s perceived atmosphere was manipulated to provide actions that seemed reputable from the within. That’s the category of menace the trade must be constructing defenses for.”
