Code Execution Through Email: How I Used Claude to Hack Itself


This is the story of how I used a Gmail message to trigger code execution through Claude Desktop, and how Claude itself (!) helped me plan the attack.

The combined capability and trust across MCP hosts, agents, and data sources can quietly introduce attack surfaces no one sees coming.

- Untrusted input (Gmail email)
- Excessive capability (execution permission via the MCP)
- No contextual guardrails, allowing for cross-tool invocation

That’s exactly why we’re building MCP Security at Pynt, to help teams identify dangerous trust-capability combinations, and to mitigate the risks before they lead to silent, chain-based exploits.
