←back to thread

Claude for Chrome

(www.anthropic.com)
795 points davidbarker | 6 comments | 26 Aug 25 19:01 UTC | HN request time: 0.399s | source | bottom
Show context
biggestfan ◴[26 Aug 25 19:11 UTC] No.45030868[source]
According to their own blog post, even after mitigations, the model still has an 11% attack success rate. There's still no way I would feel comfortable giving this access to my main browser. I'm glad they're sticking to a very limited rollout for now. (Sidenote, why is this page so broken? Almost everything is hidden.)
replies(5): >>45030924 #>>45031456 #>>45031949 #>>45033353 #>>45034111 #
1. mark242 ◴[26 Aug 25 22:56 UTC] No.45033353[source]
11% success rate for what is effectively a spear-phishing attempt isn't that terrible and tbh it'll be easier to train Claude not to get tricked than it is to train eg my parents.
replies(4): >>45033380 #>>45033454 #>>45033795 #>>45039212 #
2. asdff ◴[26 Aug 25 22:59 UTC] No.45033380[source]
>Claude not to get tricked than it is to train eg my parents.

One would think but apparently from this blog post it is still succeptible to the same old prompt injections that have always been around. So I'm thinking it is not very easy to train Claude like this at all. Meanwhile with parents you could probably eliminate an entire security vector outright if you merely told them "bank at the local branch," or "call the number on the card for the bank don't try and look it up."

3. zaphirplane ◴[26 Aug 25 23:10 UTC] No.45033454[source]
What ! 1 in 10 successfully phished is ok ? 1 in 10 page views. That has to approach 100% success rate over a week say month of browsing the web with targeted ads and/or link farms to get the page click
replies(1): >>45038325 #
4. whatevertrevor ◴[26 Aug 25 23:55 UTC] No.45033795[source]
The kind of attack vector is irrelevant here, what's important is the attack surface. Not to mention this is a tool facilitating the attack, with little to no direct interaction with the user in some cases. Just because spear-phishing is old and boring doesn't mean it cannot have real consequences.

(Even if we agree with the premise that this is just "spear-phishing", which honestly a semantics argument that is irrelevant to the more pertinent question of how important it is to prevent this attack vector)

5. IanCal ◴[27 Aug 25 11:45 UTC] No.45038325[source]
This is where rates hide the issue.

One in ten cases that take hours on a phone talking to a person with detailed background info and spoofed things is one issue. One in ten people that see a random message on social media is another.

Like 1 in 10 traders on the street might try and overcharge me is different from 1 in 10 pngs I see can drain my account.

6. lelanthran ◴[27 Aug 25 13:12 UTC] No.45039212[source]
With spear phishing there are a limited number of attack attempts, maybe one a day and the target will wise up.

With this you can probably try a few thousand attempts per minute.