Anthropic's Claude Desktop Secretly Installs Browser Backdoor on macOS

Claude Desktop is an AI system application that manipulates browser configurations without user authorization, which is a misuse of the AI system's deployment. Although no direct harm has been reported, the covert and persistent nature of these actions plausibly could lead to violations of user privacy or security, constituting potential harm. Therefore, this event fits the definition of an AI Hazard, as it plausibly could lead to an AI Incident if the unauthorized control or data access occurs.

The event involves an AI system (Claude Desktop) whose use leads to unauthorized access and control over user browsers, which is a violation of privacy and security rights. The installation of a backdoor without user consent is a direct breach of legal obligations protecting fundamental rights. The AI system's role is pivotal as it is the software performing this unauthorized action. The harm is realized (privacy violation and security risk), not just potential, and the event involves misuse or non-compliance in the AI system's deployment. Therefore, this qualifies as an AI Incident rather than a hazard or complementary information.

Claude Desktop is an AI system application. Its use involves deploying a hidden configuration that alters other software behavior without consent, increasing attack surface and enabling potential malicious code execution. This unauthorized modification and security risk constitute a violation of user privacy and legal protections, thus a breach of rights and harm to users. The harm is realized in the form of a security vulnerability and privacy violation, not just a potential risk. Therefore, this event qualifies as an AI Incident due to the direct involvement of an AI system causing harm through misuse or unsafe design.

The article explicitly involves an AI system (Claude AI and its browser extension) that is installed and configured in a way that allows it to access and control browser sessions with elevated privileges. This access is granted without user consent and persists even for browsers not installed yet, indicating a deliberate design choice by the developers. The AI system's capabilities include reading and writing web page content, automating tasks, and potentially accessing sensitive authenticated sessions such as banking or professional email. These actions constitute violations of user privacy rights and create significant security risks, fulfilling the criteria for harm under human rights and privacy law. The lack of consent and transparency, combined with the persistent and hard-to-remove nature of the installation, further aggravates the harm. The involvement of the AI system is direct and central to the harm, as it is the AI-powered extension that leverages this privileged access. Hence, this event is best classified as an AI Incident.

An AI system (Claude Desktop) is involved, as it is an AI application installed on user machines. The event concerns the use and deployment of this AI system, specifically its installation of native messaging manifests that enable high-privilege communication with browsers without explicit consent. While no actual harm (such as a successful attack or data breach) is reported, the article details credible security vulnerabilities and legal violations that could plausibly lead to harm, including unauthorized access or control over user data and actions. Therefore, this situation fits the definition of an AI Hazard, as it plausibly could lead to an AI Incident involving harm to user privacy and security. It is not an AI Incident because no realized harm is described, nor is it Complementary Information or Unrelated, as the focus is on a specific risk stemming from the AI system's behavior.

The event involves an AI system (Anthropic's Claude Desktop) whose deployment and use have directly led to unauthorized access to user browser sessions and local system execution privileges without consent, violating privacy rights and potentially exposing critical infrastructure controls. The AI system's role is pivotal as it pre-installs and maintains this access persistently, enabling significant harm to user privacy and security. The described harms include violations of fundamental rights (privacy), potential harm to critical infrastructure (via access to admin consoles), and security risks from vulnerabilities. The event meets the criteria for an AI Incident due to realized harm stemming from the AI system's use and deployment practices.

Claude Desktop is an AI system (an LLM-based application) that pre-approves browser extensions without user consent, enabling access to sensitive user data. This unauthorized access is a direct consequence of the AI system's design and use, leading to violations of user privacy and fundamental rights. The harm is realized as users' private and sensitive data are exposed without consent, fulfilling the criteria for an AI Incident under violations of human rights or breach of obligations protecting fundamental rights.

The article explicitly involves an AI system (Claude Desktop) whose use leads to unauthorized modification of other applications and pre-authorization of browser extensions without user consent. This behavior breaches European privacy law (ePrivacy Directive) and computer misuse laws, constituting a violation of legal obligations protecting user privacy rights. The harm is realized, not just potential, as the software installs files and authorizes extensions without disclosure or consent, expanding the attack surface and increasing security risks. The involvement of the AI system in these actions and the resulting privacy and legal harms meet the criteria for an AI Incident. The event is not merely a potential risk (hazard) or a complementary information update, but a concrete incident of harm caused by the AI system's use.

The article explicitly describes an AI system (Claude Desktop) whose use leads to unauthorized system modifications that bypass browser security and privacy protections, enabling potential surveillance and data capture without user consent. This constitutes a violation of privacy rights under EU law, which is a breach of fundamental rights and legal obligations. The involvement of the AI system's use directly causes this harm, meeting the criteria for an AI Incident. The presence of security vulnerabilities and lack of transparency further support this classification.

The Claude Desktop application is an AI system as it is an AI-powered desktop client for the Claude language model. The installation of a Native Messaging host manifest without user consent and its persistence despite deletion constitutes unauthorized system modification and increases the risk of privacy violations and security breaches. This directly harms users by expanding their attack surface and potentially enabling malicious exploitation. The involvement of the AI system's use and design in this unauthorized behavior and the realized harm to user security and privacy meet the criteria for an AI Incident under violations of rights and harm to communities. The lack of transparency and user consent further supports this classification.

The Claude Desktop app is an AI system that integrates deeply with browsers via native messaging manifests installed without user consent, enabling extensions to bypass sandboxing and access sensitive data. This silent pre-authorization and installation is a misuse of the AI system's capabilities, leading to violations of privacy rights and breaches of legal obligations under the ePrivacy Directive. The event documents realized harm through unauthorized access and control, not just potential risk. The involvement of the AI system in causing these harms is direct and central. Hence, this is an AI Incident rather than a hazard or complementary information.

Claude Desktop is an AI system (an AI assistant application). The report reveals that its use involves installing a browser bridge that bypasses security and privacy safeguards, which constitutes a misuse or malfunction of the AI system leading to significant privacy and security harms. This fits the definition of an AI Incident because the AI system's use has directly led to harm related to privacy and security breaches, which can be considered harm to individuals or groups (harm to health or rights).

The Claude Desktop application is an AI system. Its silent installation of a messaging bridge without user consent constitutes a misuse of the AI system's deployment, potentially leading to violations of privacy rights and security breaches. Since no actual harm is reported yet but there is a credible risk of harm to user privacy and security, this event qualifies as an AI Hazard rather than an AI Incident. The focus is on plausible future harm from the AI system's use rather than confirmed harm.

An AI system (Claude Desktop) is involved, specifically its use and deployment of a Native Messaging bridge to enable AI-powered browser extensions to interact with the local machine. The event details a development and use issue where the AI system silently installs this bridge without user consent, expanding the attack surface and enabling potential malicious exploitation. While no actual harm is reported, the described scenario plausibly could lead to AI incidents involving privacy violations and security breaches. Therefore, this qualifies as an AI Hazard because it plausibly could lead to harms such as violations of privacy rights and unauthorized access to sensitive data. It is not an AI Incident because no realized harm is described, nor is it merely Complementary Information or Unrelated.