They recently mitigated the issue: Anthropic disabled web_fetch's ability to follow links on external pages, limiting navigation to web_search results and user-provided URLs.
Could not take it any longer and switched it off.
> "no bounty was awarded"
Ridiculous. Anthropic engineers are not just stupid to allow such a vuln in the first place, but they also try to hide such vulns from their bosses because a bounty payout would need to be explained to the finance team.
I’m thinking some play on highjacking. AIjacking? Agent-jacking? Claudejacking?
We can make it sound more advanced by creating a new name for it, but the concept seems to be super basic and the lack of bounty by Anthropic is baffling.
If they know about this type of vulnerability but have not fixed it, what does that say? To me it says they are unable to plug this hole on a conceptual level and once you circumvent the band-aid fixes the model will work as the attacker wishes.
They can't even sandbox the thing during explicit web requests to URLs stated on the initial query!
One has to remind themselves that the security team at Anthropic gets paid tens of millions of dollars, and they end up with this kind of security. On top of it, they can't spare $1337 for a bounty. It's a ridiculous shit show.
what?
It would be interesting to investigate other agents such as Hermes, OpenCode etc that are said to learn from interaction with user.
Nice write up of your findings. Enjoyed reading an article written by a real human.
artisinal•44m ago
Yesterday I learned that people run AI agents on their system with full admin rights. No containerisation or anything. Wild. Like we forgot 50 years of computer security overnight.
sixtyj•29m ago
The awakening will be unpleasant.
progval•27m ago
pprotas•23m ago
krige•16m ago
hobo123•8m ago
mkagenius•16m ago
dangerously skip permissions and yolo is kinda becoming the default as it gets more done.
akazantsev•9m ago
To prevent this, you need a fake home and a networking whitelist for the agent to access the provider (llama cpp, OpenAI, etc.)
There is no cross-platform solution that is easy to use for this. And no, a Linux box with Docker won't do. I develop a cross-platform native app and want the agent to compile and fix the platform-specific errors.