• Three high-risk AI vulnerabilities discovered in Claude.ai end-t

    From TechnologyDaily@1337:1/100 to All on Thursday, March 19, 2026 16:15:27
    Three high-risk AI vulnerabilities discovered in Claude.ai end-to-end attack chain exfiltrates sensitive info without user knowing

    Date:
    Thu, 19 Mar 2026 16:00:00 +0000

    Description:
    A legitimate Google ad could lead to data exfiltration through a chain of Claude flaws.

    FULL STORY ======================================================================

    - Oasis researchers uncover Cloudy Day attack chain in Claude
    - Exploits include invisible prompt injection, data exfiltration via API, and open redirects
    - Anthropic patched one flaw, fixes for remaining two underway

    Security researchers Oasis recently found three vulnerabilities in Claude which, when used together, form a complete attack chain - from targeted victim delivery to sensitive data exfiltration.

    The researchers dubbed it Cloudy Day and responsibly disclosed it to Anthropic. One of the bugs was already patched, with fixes for the other two currently in the works.

    Abusing Google

    In an in-depth report published on the company's website, Oasis said that the theoretical attack starts with invisible prompt injection via URL parameters. The researchers discovered that Claude.ai allows users to open a new chat with a pre-filled prompt via a URL parameter (claude.ai/new?q=...). Since users can embed HTML tags into the parameter, these can be used to smuggle invisible prompts that Claude will process when the user hits Enter.

    But injecting a malicious prompt is just the first step. Claude's code execution sandbox does not allow outbound network access, meaning the tool can't connect to a third-party server. It can, however, connect to api.anthropic.com, and if the attacker embeds an API key in the prompt, they can tell Claude to search through all of the victim's previous conversations for sensitive information, generate a file, and upload it to the attacker's Anthropic account using the Files API.

    No integrations or external tools needed, just capabilities that ship out of the box.

    Okay, so we have prompt injection and data exfiltration - but how do we get the victims to click on the link with a pre-filled prompt? A simple phishing email might suffice, but Oasis found an even more dangerous method. The third vulnerability revolves around open redirects on claude.com. Any URL in the format of claude.com/redirect/ redirects visitors without validation, including to arbitrary third-party domains.

    At the same time, Google Ads only validates URLs by hostname, which means an attacker could create a seemingly legitimate ad on Google's network and use it to rob people.
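
    Both link shapes described above (the pre-filled prompt URL and the claude.com/redirect/ endpoint) can be looked for in mail, ad and proxy logs, where a hostname-only check would pass them. The sketch below is an added example, not code from Oasis, Anthropic or TechRadar; the first-party host list, the finding labels, the sample URLs and the assumption that the destination follows /redirect/ in the path are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: hosts this example treats as first-party redirect destinations.
FIRST_PARTY = {"claude.ai", "claude.com", "anthropic.com"}
TAG_RE = re.compile(r"</?[a-zA-Z][^>]*>")  # anything shaped like an HTML tag


def _first_party(host):
    return any(host == h or host.endswith("." + h) for h in FIRST_PARTY)


def triage_link(url):
    """Return findings for one URL taken from mail, ad or proxy logs."""
    findings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host == "claude.ai" and parts.path.rstrip("/") == "/new":
        prompts = parse_qs(parts.query).get("q", [])
        if prompts:
            findings.append("prefilled-prompt")
        # parse_qs decodes once; unquote again to catch double encoding.
        if any(TAG_RE.search(unquote(p)) for p in prompts):
            findings.append("markup-in-prompt")
    if host == "claude.com" and parts.path.startswith("/redirect/"):
        findings.append("redirect-endpoint")
        # Assumption: the destination follows /redirect/ in the path.
        dest = unquote(parts.path[len("/redirect/"):])
        dest_host = urlsplit(dest if "//" in dest else "//" + dest).hostname or ""
        # A dotless first segment is a relative path, not a host.
        if "." in dest_host and not _first_party(dest_host):
            findings.append("offsite-destination:" + dest_host)
    return findings


# Constructed sample URLs; example.net stands in for a third-party domain.
SAMPLES = [
    "https://claude.ai/new?q=hello%20world",
    "https://claude.ai/new?q=Summarize%20this%3Cspan%3Eplaceholder%3C%2Fspan%3E",
    "https://claude.com/redirect/https://example.net/landing",
    "https://claude.com/redirect/https://www.anthropic.com/news",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", triage_link(sample) or "no findings")
```

    A hostname-only validator accepts the third sample because its host is claude.com; the check on the embedded destination is what separates it from the fourth.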

    The prompt injection vulnerability has since been addressed, and Anthropic is currently working on fixes for the other two as well, Oasis confirmed.




    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/three-high-risk-ai-vulnerabilities-discovered-in-claude-ai-end-to-end-attack-chain-exfiltrates-sensitive-info-without-user-knowing


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)