Dev.to Deep Learning | 1d ago | Research & Papers

Cisco Warns of Memory Poisoning Attack on Claude Code

Cisco researchers discovered a vulnerability in Claude Code, an AI coding agent, that allows attackers to persistently compromise its behavior by injecting malicious instructions into the CLAUDE.md file.


Why it matters

This report highlights a critical security vulnerability in AI-assisted development tools that could lead to persistent compromise of code and systems.

Key Points

  1. Cisco's report details a 'memory poisoning' attack that exploits Claude Code's reliance on the CLAUDE.md file for context and persona across sessions
  2. Malicious instructions in CLAUDE.md can redirect code outputs, inject vulnerabilities, or exfiltrate sensitive data
  3. Risk is highest in shared/collaborative environments where CLAUDE.md can be modified by others
  4. Immediate action required to audit and secure CLAUDE.md files

Details

Cisco's security researchers published a report detailing a novel attack vector against AI coding agents: memory poisoning. The attack specifically targeted Claude Code, exploiting its ability to retain and act upon instructions from its persistent memory file, CLAUDE.md. The researchers demonstrated that by injecting malicious instructions into this file, an attacker could permanently alter the agent's behavior, leading to a persistent compromise. This follows the recent launch of Claude Code's Computer Use feature, which expanded its attack surface by granting app-level permissions. The risk is highest in shared or collaborative environments where the CLAUDE.md file might be modified by others, or when project dependencies are compromised. Users are advised to treat CLAUDE.md with the same scrutiny as sensitive environment files: audit its contents, remove any sensitive data, and implement integrity checks to detect unauthorized modifications.
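One way to implement the integrity check and audit the article recommends, as an added example that is not part of the Cisco report or of Claude Code itself: the script pins a SHA-256 digest of CLAUDE.md when a reviewed version is accepted, flags any later change against that pin, and scans the file for credential-like strings. The `.sha256` sidecar file and the secret patterns are assumptions made for this example.

```python
import hashlib
import re
import sys
from pathlib import Path

# Heuristic patterns for credentials that should never be in CLAUDE.md.
# Constructed for this example; extend to match your environment.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "assigned_credential": re.compile(
        r"(?i)\b(api[_-]?key|secret|token|password)\b\s*[:=]\s*\S{8,}"),
}

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def find_sensitive_data(text: str) -> list:
    """Audit step: names of secret patterns present in the memory file."""
    return sorted(n for n, p in SECRET_PATTERNS.items() if p.search(text))

def check_memory_file(content: bytes, baseline_sha256):
    """Integrity step: compare the file digest with the one pinned at last review.
    baseline_sha256 is None when nothing has been pinned yet."""
    digest = sha256_hex(content)
    return {
        "sha256": digest,
        "modified": baseline_sha256 is not None and baseline_sha256 != digest,
        "secrets": find_sensitive_data(content.decode("utf-8", errors="replace")),
    }

def main(argv):
    """Usage: claude_md_check.py [--pin] [path/to/CLAUDE.md]
    Non-zero exit when the file changed since pinning or contains secrets."""
    path = Path(next((a for a in argv[1:] if not a.startswith("--")), "CLAUDE.md"))
    pin_file = path.with_name(path.name + ".sha256")  # baseline lives beside the file
    baseline = pin_file.read_text().strip() if pin_file.exists() else None
    report = check_memory_file(path.read_bytes(), baseline)
    if "--pin" in argv:  # record a reviewed version as the new baseline
        pin_file.write_text(report["sha256"] + "\n")
        return 0
    print(f"{path}: sha256={report['sha256']} modified={report['modified']} "
          f"secrets={report['secrets']}")
    return 1 if report["modified"] or report["secrets"] else 0

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with `--pin` after reviewing CLAUDE.md, then without arguments from a pre-commit hook or CI job so an unreviewed edit to the memory file fails the check.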
