The Chonkerton

How I tricked Claude into leaking your deepest, darkest secrets

ai

Security researcher Ayush Paul found a loophole in Claude's web_fetch defenses, per Simon Willison's Weblog. The tool was designed to prevent data exfiltration by controlling which URLs could be accessed. But web_fetch was allowed to follow links embedded within pages it had previously fetched—and Paul created a honeypot site that exploited this flaw. Using a clever attack prompt disguised as a Cloudflare authentication challenge, the site guided Claude through a chain of dynamically generated links. The attack worked, successfully extracting the user's name, home city, and employer. Anthropic has now closed the loophole by removing web_fetch's ability to navigate links found within its own fetched content. The company declined to award a bug bounty, saying they had already identified the vulnerability internally.

Source: https://simonwillison.net/2026/Jul/15/claude-web-fetch-ex...

Listen to this story

Hear this and more stories in a personalized audio briefing.

Open The Chonkerton