The Memory Heist

A security researcher demonstrated a method to exfiltrate personal data from the AI assistant Claude by exploiting its web browsing feature and memory system. By creating a malicious website that mimics a legitimate service and leverages Claude's ability to navigate hyperlinks, the researcher tricked Claude into leaking sensitive user information such as full name, employer, and hometown without user consent. Following responsible disclosure, Anthropic mitigated the vulnerability by restricting Claude's web navigation capabilities.

https://www.ayush.digital/blog/the-memory-heist

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top