Ian Campbell π΄
@neurovagrant@masto.deoan.org
This is some really smart digging: realizing that Claude Code does not require user interaction for certain bash commands, they discovered that DNS lookups were specifically allowlisted, clearing a trivial path for well-known DNS exfiltration methods.
So when I say βall these implementations are ignoring years and decades of lessons learned the hard wayβ itβs not hyperbole. Anthropic 100% cleared the path for DNS exfil here.
h/t to @cR0w@infosec.exchange - thank you!
#infosec #genai
https://embracethered.com/blog/posts/2025/claude-code-exfiltration-via-dns-requests/
Adam Shostack :donor: :rebelverified:@adamshostack@infosec.exchange
@neurovagrant@masto.deoan.org @cR0w@infosec.exchange "None of this would have been a problem if Anthropic had published their threat model!" (cc @lmk@infosec.exchange )
