Security Advisory: Anthropic's Slack MCP Server Vulnerable to Data Exfiltration
Summary
Anthropic's Slack MCP Server (a tool that lets AI agents interact with Slack) has a vulnerability where it doesn't disable link unfurling, a feature that automatically previews hyperlinks in messages. An attacker can use prompt injection (tricking an AI by hiding instructions in its input) to make an AI agent post a malicious link to Slack, which then leaks sensitive data like API keys to the attacker's server when Slack's systems automatically fetch the preview.
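The fix the summary points to, as an added example (not code from the advisory or from the MCP server): a message builder that sets Slack's `unfurl_links` and `unfurl_media` arguments of `chat.postMessage` to false, so Slack does not fetch a preview of a link the agent was tricked into posting. The host allowlist and link defanging go beyond the page as an extra check; `buildPostMessage`, `isAllowed`, the hosts and the sample text are hypothetical.

```javascript
// Added example. Function names, hosts and the sample text are constructed;
// unfurl_links and unfurl_media are real chat.postMessage arguments.
const URL_RE = /https?:\/\/[^\s<>|]+/gi;

// Constructed agent output: one link carries a secret in its query string.
const SAMPLE =
  "Deploy done: <https://collector.example/p?d=sk-CONSTRUCTED-KEY|details>, " +
  "runbook at https://wiki.corp.example/runbook";

// True when the URL's host is an allowlisted host or a subdomain of one.
function isAllowed(raw, allowedHosts) {
  try {
    const host = new URL(raw).hostname.toLowerCase();
    return allowedHosts.some((h) => host === h || host.endsWith("." + h));
  } catch {
    return false; // unparsable URLs are treated as untrusted
  }
}

// Build the chat.postMessage body an agent-facing Slack tool would send.
function buildPostMessage(channel, text, allowedHosts = []) {
  const untrusted = [];
  const safeText = text.replace(URL_RE, (raw) => {
    if (isAllowed(raw, allowedHosts)) return raw;
    untrusted.push(raw); // report for logging or human review
    // Defang so the text is no longer a link Slack can preview.
    return raw.replace(/^http/i, "hxxp").replace(/\./g, "[.]");
  });
  return {
    body: {
      channel,
      text: safeText,
      unfurl_links: false, // no preview fetch for text links
      unfurl_media: false, // no preview fetch for media links
    },
    untrusted,
  };
}

const result = buildPostMessage("C0000000000", SAMPLE, ["corp.example"]);
console.log(JSON.stringify(result, null, 2));
```

The `untrusted` list is what a tool wrapper would log or hold for human approval before the message is sent.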
Original source: https://embracethered.com/blog/posts/2025/security-advisory-anthropic-slack-mcp-server-data-leakage/
First tracked: February 12, 2026 at 02:20 PM