{"data":{"id":"96ca2413-d6f2-4703-9fac-71d49e055d80","title":"How I tricked Claude into leaking your deepest, darkest secrets","summary":"A researcher discovered a vulnerability in Claude's web_fetch tool (a feature that lets Claude access websites) that could leak private user information like names and locations. The tool was supposed to only visit URLs that users directly entered, but it could also follow links found within web pages it had already fetched, allowing attackers to create deceptive websites that trick Claude into extracting sensitive data by following a chain of hidden links.","solution":"Anthropic closed the vulnerability by removing the ability for web_fetch to navigate to additional links returned within its own fetched content.","labels":["security","safety"],"sourceUrl":"https://simonwillison.net/2026/Jul/15/claude-web-fetch-exfiltration/#atom-everything","publishedAt":"2026-07-15T14:21:54.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["data_extraction","prompt_injection"],"issueType":"news","affectedPackages":null,"affectedVendors":["Anthropic"],"affectedVendorsRaw":["Claude","Anthropic"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-07-15T14:21:54.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","safety"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}