Researchers Detail Prompt Injection, API and Redirect Flaws. Oasis Security researchers found three bugs in Claude that attackers can chain to steal user chat data without malware or phishing. The Claudy Day attack links hidden prompt injection, Anthropic’s Files API and an open redirect. Anthropic has fixed the core flaw.
First seen on govinfosecurity.com
Jump to article: www.govinfosecurity.com/claudy-day-forecast-chat-data-theft-a-31059
