Oasis Security — Claude.ai prompt injection & data exfiltration
AI relevance: Claude.ai processes sensitive business and personal conversations, so invisible prompt injection attacks can turn trusted AI assistants into automated data exfiltration channels without requiring MCP servers or integrations.
- Oasis Security disclosed Claudy Day, a three-vulnerability chain in Claude.ai enabling silent data exfiltration from conversation history.
- Attackers can embed invisible HTML tags in URL parameters (claude.ai/new?q=...) that execute hidden instructions when users press Enter.
- The Files API bypasses network restrictions by allowing connections to api.anthropic.com, enabling data upload to attacker-controlled accounts.
- Google Ads targeting combined with an open redirect on claude.com allows precision attacks against specific individuals and organizations.
- Even default Claude.ai sessions contain rich sensitive data: business strategy, financial planning, health concerns, and personal conversations.
- Anthropic has fixed the prompt injection vulnerability, with remaining issues currently being addressed.
- The attack requires no MCP servers or integrations — just capabilities that ship out-of-the-box with Claude.ai.
- Oasis responsibly disclosed through Anthropic's Responsible Disclosure Program before publication.
Why it matters
AI assistants like Claude.ai process highly sensitive conversations that users assume are private. The Claudy Day attack demonstrates how prompt injection can turn trusted AI tools into automated data exfiltration channels without the user's knowledge, highlighting the need for robust AI agent security governance.
What to do
- Update Claude.ai to ensure you have the prompt injection fix
- Audit AI agent usage across your organization and what data they access
- Disable unnecessary integrations to reduce attack surface
- Educate users that shared links and pre-filled prompts can contain hidden instructions
- Implement agent governance with the same rigor as human users and service accounts
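A defender-side check for the pre-filled prompt links described above, as an added example that is not from Oasis Security or Anthropic: it decodes the q parameter of a claude.ai/new link and flags any HTML markup in it. The function names and sample links are constructed for illustration, and treating every tag as suspicious is an assumption, since the page does not say which tags were used.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

class _PromptMarkup(HTMLParser):
    """Separates text outside tags from text wrapped in markup."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.plain, self.wrapped, self._depth = [], [], [], 0

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self._depth += 1

    def handle_endtag(self, tag):
        self._depth = max(0, self._depth - 1)

    def handle_data(self, data):
        (self.wrapped if self._depth else self.plain).append(data)

def inspect_prefill_link(url):
    """Return None if url is not a claude.ai/new?q=... link, else a finding dict."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().removeprefix("www.")
    if host != "claude.ai" or parts.path.rstrip("/") != "/new":
        return None
    values = parse_qs(parts.query).get("q")  # percent-decoding happens here
    if not values:
        return None
    parser = _PromptMarkup()
    parser.feed(values[0])
    parser.close()
    return {
        "url": url,
        "tags": parser.tags,
        "plain_text": "".join(parser.plain).strip(),
        "wrapped_text": " ".join(parser.wrapped).strip(),
        "suspicious": bool(parser.tags),  # assumption: any markup in q is flagged
    }

def flag_links(urls):
    """Return findings for the links whose pre-filled prompt carries markup."""
    findings = (inspect_prefill_link(u) for u in urls)
    return [f for f in findings if f and f["suspicious"]]

# Constructed sample links (not taken from the Oasis report).
SAMPLES = [
    "https://claude.ai/new?q=Summarize+my+notes",
    "https://claude.ai/new?q=Summarize+my+notes%3Cspan%3Econstructed+hidden+note%3C%2Fspan%3E",
]
```

Run `flag_links` over links pulled from mail or chat gateways; `wrapped_text` is the part a reviewer should read before anyone submits the prompt.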