ShadowPrompt: How Any Website Could Have Hijacked Claude’s Chrome Extension
Author: Oren Yomtov Published: March 26, 2026 Source: https://www.koi.ai/blog/shadowprompt-how-any-website-could-have-hijacked-anthropic-claude-chrome-extension Summary Koi Security researcher Oren Yomtov disclosed “ShadowPrompt,” a vulnerability chain in Anthropic’s Claude Chrome extension (reported as having 3+ million users) that let any website silently inject prompts into the AI assistant with no user interaction. By combining an overly permissive origin allowlist in the … Read more