Skip to content

Let's Data ScienceLEARN • BUILD • STAY AHEAD

News
Blog
Code Problems
Pricing
Contact

© 2026 Let's Data Science

Advertise|Terms|Privacy||Image Rights

NewsClaude Cowork Exfiltrates Files Through Anthropic API

Industry Newsagentsdata exfiltrationanthropic

Claude Cowork Exfiltrates Files Through Anthropic API

|January 15, 2026

7.5

Relevance Score

Claude Cowork Exfiltrates Files Through Anthropic API

Security researcher Prompt Armor disclosed a creative workaround that causes Claude Cowork to exfiltrate files by abusing Anthropic's allowed API domain. The attack supplies an attacker's Anthropic API key and directs the agent to upload accessible files to https://api.anthropic.com/v1/files, enabling the attacker to retrieve their contents later. The finding shows outbound-domain whitelists alone may not stop prompt-injection data theft.

Scoring Rationale

High practical impact and clear exploit demonstration, limited by single-source reporting and no vendor mitigation yet.

MoreAnthropic news→

Newsletter·Weekly · Free

Weekly AI News

A 5-minute Monday brief on AI & data science. Curated, no fluff.

Email address

No spam. Privacy.

Practice interview problems based on real data

1,500+ SQL & Python problems across 15 industry datasets — the exact type of data you work with.

Try 250 free problems

More AI & Data Science News

Spotify and UMG Launch AI Remix Tool

Spotify and UMG Launch AI Remix Tool

Yusuf Mehdi to Reimagine Windows 11 in Final Year

Yusuf Mehdi to Reimagine Windows 11 in Final Year

Google Ushers In Post-search Era With Agents

Google Ushers In Post-search Era With Agents

Photonics Infrastructure Attracts Major AI Investments

Photonics Infrastructure Attracts Major AI Investments

Back to News Feed

News on Let's Data Science is compiled from multiple public sources with editorial oversight. See our Editorial Standards and Corrections Policy.