A new man-in-the-middle attack has been discovered that targets Anthropic's Claude Code, allowing hackers to steal OAuth authentication tokens. The exploit leverages vulnerabilities in the Model Context Protocol (MCP) traffic and insecure local storage of tokens in the `~/.claude.json` file. This allows attackers to gain persistent, unauthorized access to enterprise SaaS platforms connected to Claude Code. AI
IMPACT This vulnerability could lead to unauthorized access to enterprise systems, highlighting the need for robust security in AI-powered developer tools.
RANK_REASON This describes a security vulnerability in a specific product's implementation, not a new model release or fundamental research.
AI-generated summary · Google Gemini · from 1 sources. How we write summaries →