12 comments

  • onion2k 9 minutes ago

    The main thing Claude knows about me is that I'm incredibly bad at my job and have to ask for help a lot. If you were to talk with my colleagues they'd tell you this is not a secret.

  • artisinal 16 minutes ago

    Doesn’t surprise me.

    Yesterday I learned that people run AI agents on their system with full admin rights. No containerisation or anything. Wild. Like we forgot 50 years of computer security overnight.

      progval a few seconds ago

      Most programmers and power users install large dependency trees with npm/pip/bundler/... from the same user account as their main browser. Even on Linux where it's easy to create new user accounts. This isn't much different.

      sixtyj a minute ago

      We expect that Anthropic or OAI or Google don’t do evil. Oh wait…

      The awakening will be unpleasant.

  • swipee 16 minutes ago

    Expected more from Anthropic by at least giving you a bounty, because this was a novel way of bypassing their safeguards…

  • LeoPanthera 2 minutes ago

    I always have history disabled mostly because I don't want Claude judging me for re-asking questions based on information I learned during the first pass but now realize should have been in the initial query.

  • lifthrasiir 12 minutes ago

    That's why I don't turn memory on. (Claude Code too though for a different reason.) After all the current memory system is too crude to be useful anyway.

      romanovcode 2 minutes ago

      In my experience memory system is more annoying then helpful. It always brings up things that it memorized even tho they make very little sense as if I should be impressed that it knows some extra thing or two.

      Could not take it any longer and switched it off.

  • apejcic 4 minutes ago

    Use GLM-5.2 on ZDR inference provider like sference.com

  • charcircuit 9 minutes ago

    It would be safer if these data extraction takes were done by a subagent without access to all the user's memories.

      lifthrasiir 6 minutes ago

      I think it is already done via a subagent, otherwise the context window would be flooded with long responses. In this case the subagent should've reported that a (attacker-controlled) authorization is required anyway.

  • bflesch 10 minutes ago

    Creative use of social engineering, well done.

    > "no bounty was awarded"

    Ridiculous. Anthropic engineers are not just stupid to allow such a vuln in the first place, but they also try to hide such vulns from their bosses because a bounty payout would need to be explained to the finance team.