Hackers hijack OAuth tokens via Claude Code MCP traffic in new MitM attack
A new man-in-the-middle attack has been discovered that targets Anthropic's Claude Code, allowing hackers to steal OAuth authentication tokens. The exploit leverages vulnerabilities in the Model Context Protocol (MCP) traffic and insecure local storage of tokens in the `~/.claude.json` file. This allows attackers to gain persistent, unauthorized access to enterprise SaaS platforms connected to Claude Code. AI
IMPACT This vulnerability could lead to unauthorized access to enterprise systems, highlighting the need for robust security in AI-powered developer tools.