Anthropic Claude secretly persistently re-installs spyware on your computer

Just a heads up for those headlessly rushing to integrate all things "artificial intelligence" into everything they own and trust, including automating away control of their home automation.

Why, even a majority of new integrations announced right here are vibe assisted, or at least vetted by some form of AI.

How does AI know how to help you? It must be all seeing, all powerful, right?
To the point of dark patterns?
Is it OK if it has your banking passwords, your crypto keys, your GitHub access? All the open tabs in your browser? Without asking you, silently pre-installing backdoors before asking? Re-installing them at whim when you stomp on them? Spyware?

Then charge you for the privilege of being hacked?

Read and weep. Be aware. Be very aware.

4 Likes

Claude, how do you do dark patternz? (Let me grab some of the headings from the article)
==quote==

  1. Forced bundling across trust boundaries.
  2. Invisible default, no opt-in.
  3. More difficult to remove than install.
  4. Pre-authorisation of software the user has not installed.
  5. Scope inflation through generic naming.
  6. Registration into software the user has not installed.
  7. Registration into browsers Anthropic publicly says it does not support.
  8. Fixed target list with no user visibility.
  9. Automatic re-install on every run.
  10. Retroactive survival of user consent.
  11. Code signed, notarised, and shipped.

Security threats this creates:
Latent trigger supply chain exposure.
Prompt injection in the bridged extension.
Browser trust model inversion.
No auditability.
Future scope creep.

Privacy threats this creates:
Authenticated session exposure.
Rendered DOM access.
Form filling.
Cross profile correlation.
Invalid consent.

Is it spyware?
The honest description of what is on my machine is this: pre-installed spyware capability, silently placed, dormant, waiting for activation. The moment a paired extension lands, whether the user installs it, an enterprise policy pushes it, an attacker plants it, or Anthropic’s own next update bundles it, the word “dormant” vanishes.

Anthropic will argue the binary is not currently doing anything harmful. That argument does not survive contact with the facts. The capability is installed. The trust relationship is established. The opt in was never requested. On the day the trigger arrives, none of that changes, except the binary starts running.

That argument also doesn’t save them legally - the mere placing of the binary on the device and the creation of the folders to store it is a direct breach of Article 5(3) of Directive 2002/58/EC and a multitude of computer trespass and misuse laws.

What Anthropic should have done:
==end quotes==

Go on, read the article in full. Put yourself in the shoes of a paid cyber warfare state actor, gleefully watching the world installing backdoors you can exploit at your whim and leisure. Put yourself in the shoes of a skript kiddie, just wanting to have a little play on the dark side and discovering this brand new playground full of willing victims. Put yourself in the shoes of a vendor salesperson, rubbing their hands with the joy of collecting comprehensive user activity when they install software to drive their new shiny toy that uses Matter for the obligatory phone home for first activation. Put yourself in the shoes of a malicious actor, releasing a new app on HACS for your convenient download…

The trap is set, ready to be sprung. You don’t even know it was planted, and how to exorcise it. You turn to AI for assistance…

Whatever could go wrong?

2 Likes

Interesting. I’d like to hear from anyone who knows more about the Native Messaging Host capabilities. My understanding was that the vulnerability exists if the threat actor already has Admin permissions in the OS, which of course opens all kinds of vulnerabilities. At that point this would be the least of your worries. But admittedly I’m not as familiar with this process so maybe I’m missing something.

Native messaging bridge is used by many apps such as password managers (1Password, LastPass etc.), developer tools such as Postman (many others), crypto wallets etc. The article implies that Anthropic positions this for potential illegal use, OP makes it sound even worse.

It is healthy to stay critical and aware. Anthropic should have made it more clear what their tools open up and/or ask for permission (perhaps it does but I don’t remember). But this “they are coming for you and be very aware” messaging is alarmist imho.

3 Likes
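
Added example, not part of the thread, the linked article or any vendor's software: a read-only audit of the per-user Native Messaging Host manifests the posts above discuss, reporting for each manifest the binary it points to and the extension IDs pre-authorised to launch it. The directory list is an illustrative subset for macOS and Linux, and the `browser_never_run` flag is a heuristic assumption, not a browser-defined signal.

```python
import json
from pathlib import Path

# Per-user manifest directories, relative to the home directory (macOS and Linux).
# Assumption: an illustrative subset; other Chromium-based browsers use sibling paths.
CANDIDATE_DIRS = [
    "Library/Application Support/Google/Chrome/NativeMessagingHosts",
    "Library/Application Support/Chromium/NativeMessagingHosts",
    ".config/google-chrome/NativeMessagingHosts",
    ".config/chromium/NativeMessagingHosts",
    ".mozilla/native-messaging-hosts",
]

def audit_dir(hosts_dir):
    """Return one record per native messaging host manifest in hosts_dir."""
    hosts_dir = Path(hosts_dir)
    # Heuristic (assumption): if the browser's data directory holds nothing except
    # the manifest directory, that browser has probably never been run here.
    siblings = [p for p in hosts_dir.parent.iterdir() if p.name != hosts_dir.name]
    records = []
    for manifest in sorted(hosts_dir.glob("*.json")):
        record = {"manifest": str(manifest), "browser_never_run": not siblings}
        try:
            data = json.loads(manifest.read_text(encoding="utf-8"))
            if not isinstance(data, dict):
                raise ValueError("top level is not a JSON object")
        except (OSError, ValueError) as exc:
            record["error"] = f"unreadable manifest: {exc}"
            records.append(record)
            continue
        binary = str(data.get("path", ""))
        record.update(
            name=data.get("name"),
            binary=binary,
            binary_exists=bool(binary) and Path(binary).is_file(),
            # Chromium browsers list callers as chrome-extension://<id>/ origins;
            # Firefox lists add-on IDs under allowed_extensions.
            callers=list(data.get("allowed_origins", []))
            + list(data.get("allowed_extensions", [])),
        )
        records.append(record)
    return records

def audit_home(home=None):
    """Audit every candidate directory that exists under the given home."""
    home = Path(home) if home else Path.home()
    return [r for rel in CANDIDATE_DIRS if (home / rel).is_dir()
            for r in audit_dir(home / rel)]

if __name__ == "__main__":
    print(json.dumps(audit_home(), indent=2))
```

Each ID under `callers` can be compared with the extensions actually installed in that browser profile; an entry whose caller is not installed is the "pre-authorisation" case listed in the quoted headings.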