How I tricked Claude into leaking your deepest, darkest secrets
Named practitioner synthesis
#185
- Topic
- Model Releases
- First seen
- 2026-07-16 19:07:59
- Last seen
- 2026-07-16 19:07:59
Source raw items (1)
- Blog / Newsletter2026-07-16 19:07:19How I tricked Claude into leaking your deepest, darkest secrets
<p><strong><a href="https://www.ayush.digital/blog/the-memory-heist">How I tricked Claude into leaking your deepest, darkest secrets</a></strong></p> I've <a href="https://simonwillison.net/2025/Sep/10/claude-web-fetch-tool/">been impressed</a> by the way the Claude <code>web_fetch</code> tool is designed to avoid data exfiltration attacks. Ayush Paul found a hole in that design.</p> <p>To recap: regular Claude chat is at risk of <a href="https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/">lethal trifecta</a> attacks, because it has access to private data (in the form of memories of your past interactions) and has a tool for accessing online content which can both read hostile instructions and exfiltrate data through the URLs it accesses.</p> <p>Anthropic's protection is that <code>web_fetch</code> can only be used to navigate to exact URLs that the user has entered themselves or that were returned from its companion <code>web_search</code> tool.</p> <p>If an attacker instructs