GIGAZINE

Anthropic's 'Cowork' vulnerable to indirect prompt injection file exfiltration attack

Cowork, an AI agent released by Anthropic to assist with daily tasks, has been found to have a vulnerability that allows it to read and execute malicious prompts from files uploaded by users.
Hosted on MSN

Contagious Claude Code bug Anthropic ignored promptly spreads to Cowork

Anthropic's tendency to wave off prompt-injection risks is rearing its head in the company's new Cowork productivity AI, which suffers from a Files API exfiltration attack chain first disclosed last ...