
Claude in Chrome is taking orders from the incorrect extensions

LayerX is calling the flaw “ClaudeBleed.”

“LayerX reported the flaw to Anthropic,” LayerX researcher Aviad Gispan said in a blog post. “Anthropic replied that they were already aware of the problem and that it could be fixed in the next version of the extension.” However, Gispan added, Anthropic’s fix was partial, and the flaw can still be exploited.

The post demonstrated other ways the flaw can still be exploited, including sending a file from a Google Drive folder to an outsider, sending an email on behalf of a remote attacker, stealing code from a private repository on GitHub, and summarizing emails and sending them to an external person.

“ClaudeBleed is a helpful demonstration of why monitoring AI agents at the prompt layer is essentially inadequate,” said Ax Sharma, head of analysis at Manifold Safety. “Probably the most subtle part of this attack isn’t the injection, but that the agent’s perceived environment was manipulated to produce actions that looked legitimate from the inside. That’s the class of risk the industry needs to be building defenses for.”
