Back to Daily Feed 
Critical Flaw: Claude's `web_fetch` Leaks User Data via Nested Links
Editor's Pick
Originally published on Simon Willison's Weblog by Simon Willison
View Original Article
Share this article:
Summary & Key Takeaways
- A vulnerability was found in Claude's
web_fetchtool. - The flaw allowed data exfiltration despite Anthropic's security measures.
- Attackers could create honeypot sites with nested generated links.
- Claude's agent was tricked into following these links to exfiltrate user data.
- The attack successfully extracted user names, locations, and employers.
- Anthropic claimed prior internal discovery, not issuing a bug bounty.
Our Commentary
This is a chilling reminder of how fragile LLM security can be. Anthropic's web_fetch design was clever, but the "nested generated links" loophole is a brilliant, terrifying exploit. It makes me genuinely wonder how many other subtle vectors exist for data exfiltration. We're building these incredibly powerful, yet incredibly naive, agents. The fact that Anthropic didn't pay a bounty because they "already knew" feels a bit... convenient.
View Original Article
Share this article: