Claude’s new AI file-creation feature ships with security risks built in

Anthropic provides an allowlist of domains Claude can access for all users, including api.anthropic.com, github.com, registry.npmjs.org, and pypi.org. Team and Enterprise administrators have control over whether to enable the feature for their organizations

Anthropic’s documentation states the company has “a continuous process for ongoing security testing and red-teaming of this feature.” The company encourages organizations to “evaluate these protections against their specific security requirements when deciding whether to enable this feature.”

Prompt injections galore

Even with Anthropic’s security measures, Willison says he’ll be cautious. “I plan to be cautious using this feature with any data that I very much don’t want to be leaked to a third party, if there’s even the slightest chance that a malicious instruction might sneak its way in,” he wrote on his blog.

We covered a similar potential prompt-injection vulnerability with Anthropic’s Claude for Chrome, which launched as a research preview last month. For enterprise customers considering Claude for sensitive business documents, Anthropic’s decision to ship with documented vulnerabilities suggests competitive pressure may be overriding security considerations in the AI arms race.