Prompt-Injection

TLDR: Anthropic's new consumer AI agent can read your files, browse the web, and run commands on your machine — all on your behalf, all autonomously. When an AI acts on your behalf, anything it reads can act on your behalf too. No confirmed breach yet, but the same attack class already produced a supply chain compromise at Cline. The difference is this product is marketed to everyone at $20 a month. Claude Cowork is Anthropic’s general-purpose desktop agent — released to all Pro subscribers in early 2026. It reads your files, fetches web pages, runs terminal commands, and executes multi-step tasks on your behalf. That’s the product. That’s also the attack surface. ...

TLDR: Cline's own AI support bot was weaponized against them — an attacker fed it instructions through a public GitHub issue, it complied, and the result was malicious software shipped to over a million weekly users. They didn't breach the system. They gave the AI instructions through a public channel, and it executed them. The bot didn't have direct access to publishing credentials. It corrupted the infrastructure that did. Cline is one of the most popular AI coding tools in the world. Their GitHub repo runs an AI bot that automatically reads and responds to incoming issues — helpful for triage at scale. Someone figured out that if you craft the right issue title, the bot doesn’t just read it. It follows it. ...