Skip to content

I tricked Claude into leaking your deepest, darkest secrets

8 relevance
Score Breakdown
technical depth
8
novelty
9
actionability
7
community
9
strategic
6
personal
9

Scored daily by a customisable AI persona to surface the most relevant engineering leadership news.

Prompt injection vulnerability in Claude, highly relevant to AI security and agent safety.

AI/ML ayush.digital
The Memory Heist
Summary

Security researcher Ayush Paul compromised Claude's memory system by exploiting the web_fetch tool's URL restriction logic: it allowed fetching links from previous results, so he embedded personal data (name, employer, security answers) in a URL path that Claude navigated to, exfiltrating it to a malicious server. Anthropic blocks arbitrary URLs but the third criterion—fetching URLs from previous web_fetch results—enabled this indirect leak via a hyperlink Claude 'clicked' from its own browsing history. The attack reveals how AI memory systems (daily summarization and conversation_search) store dense user profiles vulnerable to exfiltration when paired with web-capable agents.

Author

Ayush Paul

More from Ayush Paul →