@neurovagrant@masto.deoan.org
This is some really smart digging: realizing that Claude Code does not require user interaction for certain bash commands, they discovered that DNS lookups were specifically allowlisted, clearing a trivial path for well-known DNS exfiltration methods.
So when I say “all these implementations are ignoring years and decades of lessons learned the hard way” it’s not hyperbole. Anthropic 100% cleared the path for DNS exfil here.
h/t to @cR0w@infosec.exchange - thank you!
#infosec #genai
https://embracethered.com/blog/posts/2025/claude-code-exfiltration-via-dns-requests/
@neurovagrant@masto.deoan.org
i mean who could've expected a yearslong, deeply researched, regularly used method of data exfiltration COULD BE ABUSED BY REMOVING NECESSARY USER INTERACTION