The Memory Heist
Summary
The author demonstrates a data exfiltration technique targeting Claude's memory and web-browsing features, showing how a chatbot can leak PII through carefully crafted interactions and navigation. It discusses exfiltration vectors, prompt injection attempts, a 'turnstile' phishing concept, and responsible disclosure to Anthropic, along with mitigations such as limiting web_fetch to user-provided URLs.