Claude's Exfiltration Defense Was One Layer Deep. One Bug Bypassed All of It.
Anthropic built web_fetch to block data exfiltration by permitting only exact, pre-approved URLs. A researcher walked data out anyway. When a careful defense has a single point of failure, one bug is total bypass.

