this post was submitted on 19 Jan 2026
13 points (100.0% liked)

Pulse of Truth

2325 readers
60 users here now

Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and wont be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

founded 2 years ago
MODERATORS
krogoth@infosec.pub
13
Anthropic's Cowork Shipped With Known Vulnerability (www.bankinfosecurity.com)
submitted 1 month ago by lemmydev2@infosec.pub to c/pulse_of_truth@infosec.pub
2 comments fedilink hide all child comments
 

AI Agent Can Access File Upload API to Exfiltrate DocumentsSecurity researchers have demonstrated how Anthropic's new Claude Cowork productivity agent can be tricked into stealing user files and uploading them to an attacker's account, exploiting a vulnerability the company allegedly knew about.

you are viewing a single comment's thread
view the rest of the comments
[–] leds@feddit.dk 1 points 1 month ago

But this is uploading the data to same api it uses in the first place, just uploads it to someone else's account.