New Attack Chain Targeting Claude Involves “Invisible Prompt” Vulnerability
The attack chain relies on three specific vulnerability elements: an open redirect from the main Claude website that makes a malicious URL look like a legitimate link to the AI, a prompt injection in the attack URL that is not visible to the end user, and a means by which to exfiltrate requested data via the Claude API.