Hackers Can Manipulate Claude AI APIs with Indirect Prompts to Steal User Data
A security issue documented by researchers shows that Anthropic's Claude can be driven, through indirect prompt injection, to exfiltrate user data via Anthropic's own File API.
The attack, described in a detailed technical post published on October 28, 2025, shows how Claude's Code Interpreter and the File API can be combined to send sensitive information from a victim's workspace to an attacker-controlled account.

Abusing Claude’s File API
Anthropic recently enabled network access inside Claude's Code Interpreter so that code running in the sandbox can fetch resources from an allowlist of package sources such as npm, PyPI, and GitHub.
However, the researchers found that api.anthropic.com is itself one of the "approved" hosts. Because the egress check looks only at the destination hostname, a request to the File API from inside the sandbox is permitted no matter which account's credential it carries, so the same endpoint that serves the user's workspace can also deliver files to an account the attacker controls.
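The following is an added example, not code from the gbhackers article, from the original research post, or from Anthropic; it is a small Python model of the sandbox egress decision the article describes. It contrasts a hostname-only allowlist, which waves through any request to api.anthropic.com, with a policy that additionally binds requests to that host to the workspace's own credential. The allowlisted hostnames are taken from the article; the header names (`x-api-key`, `Authorization`), the `/v1/files` path, the key values, and the request records are constructed for the demo and are assumptions about how such a filter might be written, not a description of Claude's real sandbox internals.

```python
"""Toy egress policy for a code-interpreter sandbox (added example).

Shows why a hostname allowlist alone does not stop the File API
exfiltration path: api.anthropic.com is an approved host, so the only
thing that distinguishes "upload to my own workspace" from "upload to
the attacker's account" is the credential on the request.
All hosts, keys, paths and requests below are constructed for the demo.
"""
import hashlib
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Hosts the sandbox is allowed to reach (package sources plus the API itself).
ALLOWED_HOSTS = {
    "registry.npmjs.org",
    "pypi.org",
    "files.pythonhosted.org",
    "github.com",
    "api.anthropic.com",
}

ANTHROPIC_API_HOST = "api.anthropic.com"


def fingerprint(secret: str) -> str:
    """Hash a credential so the policy can compare keys without storing them."""
    return hashlib.sha256(secret.encode()).hexdigest()[:16]


# Constructed value: the key the victim's workspace is known to use.
WORKSPACE_KEY_FINGERPRINT = fingerprint("sk-ant-victim-EXAMPLE-KEY")


@dataclass
class OutboundRequest:
    method: str
    url: str
    headers: dict = field(default_factory=dict)
    body_len: int = 0


def host_allowlist_only(req: OutboundRequest) -> str:
    """The weak check: decide purely on the destination hostname."""
    host = urlsplit(req.url).hostname or ""
    return "allow" if host in ALLOWED_HOSTS else "block"


def _credential_from(req: OutboundRequest) -> str:
    headers = {k.lower(): v for k, v in req.headers.items()}
    if headers.get("x-api-key"):
        return headers["x-api-key"]
    return headers.get("authorization", "").removeprefix("Bearer ").strip()


def credential_bound_policy(req: OutboundRequest, workspace_fp: str) -> tuple:
    """Hardened check: api.anthropic.com traffic must use the workspace's key.

    Returns (decision, reason). Package-source hosts are allowed as before;
    requests to the API host are blocked unless the credential they carry
    matches the workspace's own key fingerprint.
    """
    parts = urlsplit(req.url)
    host = parts.hostname or ""
    if host not in ALLOWED_HOSTS:
        return ("block", "host not allowlisted")
    if host != ANTHROPIC_API_HOST:
        return ("allow", "package source")
    key = _credential_from(req)
    if not key:
        return ("block", "API request without credential")
    if fingerprint(key) != workspace_fp:
        # This is the exfiltration case: allowed host, foreign account.
        return ("block", "credential does not belong to this workspace")
    if req.method.upper() == "POST" and parts.path.startswith("/v1/files"):
        return ("allow", "file upload with workspace credential (audited)")
    return ("allow", "workspace credential")


# Constructed sample traffic: a normal package fetch, an upload with the
# attacker's key, an upload with the victim's own key, and an unknown host.
SAMPLE_REQUESTS = {
    "npm_fetch": OutboundRequest("GET", "https://registry.npmjs.org/left-pad"),
    "exfil_upload": OutboundRequest(
        "POST", "https://api.anthropic.com/v1/files",
        {"x-api-key": "sk-ant-attacker-EXAMPLE-KEY"}, body_len=204800),
    "own_upload": OutboundRequest(
        "POST", "https://api.anthropic.com/v1/files",
        {"x-api-key": "sk-ant-victim-EXAMPLE-KEY"}, body_len=4096),
    "unknown_host": OutboundRequest("POST", "https://evil.example/collect"),
}


def evaluate_all(requests=SAMPLE_REQUESTS, workspace_fp=WORKSPACE_KEY_FINGERPRINT) -> dict:
    """Run both policies over the samples; returns {name: (weak, hardened)}."""
    return {
        name: (host_allowlist_only(r), credential_bound_policy(r, workspace_fp)[0])
        for name, r in requests.items()
    }


if __name__ == "__main__":
    for name, (weak, hardened) in evaluate_all().items():
        print(f"{name:13s} hostname-only={weak:5s} credential-bound={hardened}")
```

The point the two columns make is that the weak policy and the hardened one agree on every request except the one that matters: the upload carrying a key that is not the workspace's. Comparing key fingerprints rather than raw secrets keeps the workspace key out of the policy engine's memory and logs; a real deployment would also want to rate-limit and log every outbound file upload, since a legitimate-looking upload with the right key can still be the model acting on injected instructions.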

By planting an indirect prompt injection payload in content that Claude processes during a chat, an attacker could make the model carry out instructions without the user ...
Copyright of this story solely belongs to gbhackers.

