Prompt-Injection

The attack required no action from the victim. Visit a page. Leave. By the time the browser tab closed, the extension had already talked to Claude, exported chat history, read Gmail, and potentially sent an email under your name. Patched in Claude Chrome extension v1.0.41. Here is how the chain worked. The Attack Chain The Claude Chrome extension trusted any page on *.claude.ai to send it messages. That wildcard, every subdomain under claude.ai, is where the attack found its entry point. ...

You download a free PDF, a VS Code extension, a font pack. The file lands on your machine, and your background AI agent reads it. The file contains hidden instructions. The agent follows them. That is not a hypothetical. That is the exact threat model nobody is naming right now. OpenAI’s Codex runs silently on Mac while you work, learning from previous actions and picking up repeating tasks in parallel. Perplexity Personal Computer puts local agents on your machine with access to local files, native apps, and the web. Both ship with the premise that background access creates leverage. It does. It also creates exposure. These two things are not separable. ...

I have submitted 193 job applications since January. 193 is a dataset. Confirmation emails arrive within seconds, denial letters on a schedule that matches no known business hours. The support chat deflection timing tells you which platform the company bought. After enough of them, you stop reading the message and start reading the system. HR AI agents are an injection surface that most organizations are not monitoring because they were not bought as security infrastructure. ...