Claude Cowork demo exposes file exfiltration risk

// 95d agoSECURITY INCIDENT

Claude Cowork demo exposes file exfiltration risk

PromptArmor demonstrates that Anthropic's Claude Cowork research preview can be tricked by indirect prompt injection into uploading local files to an attacker's Anthropic account. The issue turns Cowork's deep desktop and file access into a serious data exfiltration risk, especially for non-technical users who are unlikely to spot hidden malicious instructions.

// ANALYSIS

This is the dark side of agentic UX: the more useful a desktop AI becomes, the bigger the blast radius when prompt injection slips past its guardrails.

–PromptArmor says the attack abuses an already known isolation flaw plus allowlisted access to Anthropic's own API, giving the model a trusted path to move stolen data out
–The demo hides malicious instructions inside a seemingly normal document or "skill" file, which is exactly the kind of content users are encouraged to upload and reuse
–The most alarming detail is that the exfiltration flow reportedly needs no human approval once Cowork has access to the local folder and reads the injected file
–Anthropic positions Cowork as a research preview with unique risks, but this case shows why warning banners are not enough when the target audience includes everyday knowledge workers
–For AI developers, the lesson is bigger than Claude: any agent with filesystem access, tool use, and outbound API permissions needs much stronger isolation and policy enforcement

// TAGS

claude-coworkagentllmapisafety

DISCOVERED

95d ago

2026-03-06

PUBLISHED

95d ago

2026-03-06

RELEVANCE

8/ 10

AUTHOR

Rob The AI Guy

// KEEP READING

More AI developer news from the feed

EXPLORE FULL FEED

MODEL27m ago

Claude Fable 5 launch sparks massive developer backlash

Anthropic's Claude Fable 5 launch faces severe developer backlash over aggressive safety restrictions, high pricing, and a forced 30-day data retention policy. The model silently routes chemistry, biology, and cybersecurity requests to the older Opus 4.8 model, frustrating users with opaque downgrades and anti-distillation blocks.

MODEL27m ago

Designers praise Claude Fable 5 landing pages

Educator and designer Meng To highlighted Claude Fable 5's capability for creating landing pages on X, calling the model "a monster" for the task. Released in June 2026, Claude Fable 5 is Anthropic's latest Mythos-class AI model, featuring a 1-million-token context window, a 128,000-token output capacity, and advanced reasoning for long-horizon agentic workflows, making it highly effective for complex design and front-end code generation tasks.

MODEL1h ago

Claude Fable 5 hits Google Cloud

Anthropic's new Mythos-class frontier AI model, Claude Fable 5, is now generally available on Google Cloud's Agent Platform (Vertex AI). Designed for complex, long-horizon reasoning and autonomous workflows, Fable 5 is built for tasks such as software engineering, deep research, and multi-day agentic execution, featuring built-in safety guardrails that automatically redirect sensitive queries to Claude Opus 4.8.