
Anthropic's Cowork Shipped With Known Vulnerability


AI Agent Can Access File Upload API to Exfiltrate Documents

Rashmi Ramesh (rashmiramesh_) • January 19, 2026


Security researchers have demonstrated how Anthropic's new Claude Cowork productivity agent can be tricked into stealing user files and uploading them to an attacker's account, exploiting a vulnerability the company allegedly knew about but left unpatched for three months.


The vulnerability allows attackers to manipulate Cowork through prompt injection into uploading user files to an attacker's Anthropic account, without requiring any additional approval from the victim. Security firm PromptArmor published a proof of concept, showing how the attack works against the artificial intelligence agent.

The attack chain starts when a user connects Cowork to a local folder containing sensitive information. The user uploads a document that contains a hidden prompt injection. When Cowork analyzes the files, the injected ...


Copyright of this story solely belongs to bankinfosecurity.