Critical Claude Bug Discovered After Code Accidentally Released
It is old news (as in 3 days old) that Anthropic, maker of Claude, accidentally shipped hundreds of thousands of lines of source code by including an internal file in a public release. That file was only meant for internal use.
That, by itself, is embarrassing but not catastrophic. It certainly helps hackers look for bugs, but the bugs should not be there in the first place, and hopefully it will be the good-guy hackers who find them.
Fast forward just two days and it already happened. Researchers at Adversa AI discovered the bug. In an effort to improve the performance of Claude Code, Anthropic had implemented an arbitrary guardrail which, as long as nobody knew about it (security by obscurity), might possibly have been okay and never discovered. But once anyone can read the source code, well, then we have a different story.
Sigrid Jin, a 25-year-old college student, worked with Yeachan Heo, using 10 OpenClaws, a MacBook Pro and just a few hours, to recreate the accidentally released code in readable form, comments included.
That code will exist forever on the Internet – 512,000 lines of TypeScript in 1,900 files.
But then the folks from Adversa started looking at the code and discovered that if you nest a particular command more than 50 levels deep in one place, the user interface freezes. Anthropic's solution was to ask the user whether it is okay to go deeper than that (a better technical explanation is at the link).
The problem is that if you use AI to attack the AI, that “ask” effectively becomes a “sure, go for it” every time, with no human user ever seeing the prompt.
What Anthropic plans to do about it has not been announced, but there are several simple brute-force solutions that could be put in place (for example: when commands are nested more than 50 levels deep and the tool reaches a point where it needs approval, default to deny instead of defaulting to ask). Would this break some really rare edge cases? Maybe. Deal with it.
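As an added illustration of the fail-closed default argued for above (example code written for this page, not Claude Code's actual source; the command shape, the depth check, and the always-yes approver are all hypothetical):

```typescript
// Hypothetical guardrail showing why "ask" is a fail-open default when the
// party answering the prompt is an automated agent, and what "deny" changes.
type Decision = "allow" | "ask" | "deny";

interface Command {
  name: string;
  children?: Command[];
}

const MAX_NESTING = 50; // the nesting limit described in the post

// Iterative depth measurement, so that a very deeply nested input cannot
// itself hang the checker the way an unbounded recursive walk could.
function nestingDepth(root: Command): number {
  let deepest = 0;
  const stack: Array<{ node: Command; depth: number }> = [{ node: root, depth: 1 }];
  while (stack.length > 0) {
    const { node, depth } = stack.pop()!;
    if (depth > deepest) deepest = depth;
    for (const child of node.children ?? []) stack.push({ node: child, depth: depth + 1 });
  }
  return deepest;
}

// Fail-open variant: beyond the limit it falls back to asking the user,
// which an automated approver answers "yes" to every single time.
function decideFailOpen(root: Command): Decision {
  return nestingDepth(root) > MAX_NESTING ? "ask" : "allow";
}

// Fail-closed variant: beyond the limit, deny outright. There is no prompt
// left for an agent to auto-answer.
function decideFailClosed(root: Command): Decision {
  return nestingDepth(root) > MAX_NESTING ? "deny" : "allow";
}

// Turns a decision into a yes/no, consulting the approver only for "ask".
function resolve(decision: Decision, approver: (question: string) => boolean): boolean {
  if (decision === "allow") return true;
  if (decision === "deny") return false;
  return approver("Nesting exceeds the limit; continue?");
}

// Constructed sample input: a single chain of commands nested `depth` levels.
function nestedChain(depth: number): Command {
  let node: Command = { name: "leaf" };
  for (let i = 1; i < depth; i++) node = { name: "wrap", children: [node] };
  return node;
}
```

With an approver that always returns true (standing in for an AI driving the tool), the fail-open path lets a 51-deep chain through while the fail-closed path stops it and still allows anything at or under the limit.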
Maybe Anthropic has already quietly fixed it.
But what happened in just two days is what makes leaking your source code both a danger and a blessing – depending on who is doing the hacking.
Credit: Security Week
