AI Agent Can Access File Upload API to Exfiltrate Documents

Security researchers have demonstrated how Anthropic’s new Claude Cowork productivity agent can be tricked into stealing user files and uploading them to an attacker’s account, exploiting a vulnerability the company allegedly knew about.
We need DNS filtering to work on outgoing packages by default, and to make whitelist DNS stupid simple to implement for any parent and child processes. It should be as simple as launching with the command, including a preconfigured whitelist, and a pop-up message for “approve, deny, prepend to list.” System-wide and incoming packet filtering is insufficient for the modern world.
But this is uploading the data to the same API it uses in the first place; it just uploads it to someone else’s account.