Anthropic installed a spyware bridge on my machine?
anthropic claude privacy
Source: HN
Anthropic’s Claude Desktop has quietly installed a native‑messaging bridge on users’ machines, a move that security researchers say amounts to a dormant spyware component. The bridge is added during the standard Claude Desktop installer and registers itself with seven Chromium‑based browsers—including Chrome, Edge, Brave and even browsers the user has not installed. Anthropic’s own documentation claims it does not support several of those browsers, yet the bridge is present regardless.
The bridge remains inert until a paired extension, an enterprise policy push, a malicious update or an attacker‑triggered payload activates it. At that point it can open a direct communication channel between the browser and Claude’s local runtime, allowing arbitrary code execution under the user’s privileges. Researchers who examined the installer describe the component as “pre‑installed spyware capability, silently placed, dormant, waiting for activation.”
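An added example, not code from the article or from Anthropic: a defender-side audit that lists native-messaging host manifests, groups them by host name, and shows which browser directories each is registered in and which extension origins may connect. It assumes the file-based per-user manifest layout Chromium-based browsers use on Linux and macOS; the function names, sample host names, paths and extension ID are constructed for illustration.

```python
import json
import tempfile
from collections import defaultdict
from pathlib import Path


def audit_native_hosts(root):
    """Group native-messaging host manifests found under `root` by host name.

    Matches <root>/<browser dir>/NativeMessagingHosts/<name>.json, the per-user
    layout Chromium-based browsers use on Linux and macOS.
    """
    root = Path(root)
    hosts = defaultdict(lambda: {"browsers": set(), "origins": set(), "binaries": set()})
    for manifest in sorted(root.glob("**/NativeMessagingHosts/*.json")):
        try:
            data = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest
        if not isinstance(data, dict) or "name" not in data:
            continue
        entry = hosts[data["name"]]
        entry["browsers"].add(manifest.parent.parent.relative_to(root).as_posix())
        entry["origins"].update(data.get("allowed_origins", []))  # extensions allowed to connect
        entry["binaries"].add(data.get("path", ""))  # executable the browser would launch
    return dict(hosts)


def widely_registered(hosts, threshold=3):
    """Host names registered for at least `threshold` browser directories."""
    return sorted(n for n, h in hosts.items() if len(h["browsers"]) >= threshold)


def build_sample(root):
    """Constructed sample tree; every name, path and extension ID is made up."""
    bridge = {"name": "com.example.bridge", "path": "/opt/example/bridge",
              "type": "stdio",
              "allowed_origins": ["chrome-extension://" + "a" * 32 + "/"]}
    for browser in ("google-chrome", "microsoft-edge", "BraveSoftware/Brave-Browser"):
        d = Path(root) / browser / "NativeMessagingHosts"
        d.mkdir(parents=True)
        (d / "com.example.bridge.json").write_text(json.dumps(bridge))
    (d / "broken.json").write_text("{not json")  # malformed file is skipped
    other = dict(bridge, name="com.example.other")
    (Path(root) / "google-chrome/NativeMessagingHosts/other.json").write_text(json.dumps(other))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        found = audit_native_hosts(tmp)
        for name in widely_registered(found):
            print(name, sorted(found[name]["browsers"]), sorted(found[name]["origins"]))
```

On Linux the root to scan would be `~/.config`, on macOS `~/Library/Application Support`; on Windows the registrations live in the registry and are not covered by this file-based scan.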
The concern goes beyond a single product. Native‑messaging bridges have been exploited in past supply‑chain attacks to deliver remote‑access trojans, and the recent Axios npm compromise showed how quickly such vectors can spread. Claude Desktop is marketed to both individual developers and enterprise teams, meaning the bridge could be propagated across corporate networks without explicit consent, potentially violating GDPR and Norway’s data‑protection regulations.
Anthropic has not yet issued a formal statement, but the company’s recent security disclosures—such as the Linux‑kernel exploits found by its own model—suggest it is aware of the broader attack surface. The next steps to watch are a possible emergency patch or removal of the bridge, a detailed audit of Claude Desktop’s installer, and regulatory scrutiny from EU and Nordic data‑protection authorities. Industry observers will also be tracking whether other AI‑tool vendors adopt similar native‑messaging components, and how the community’s response shapes future AI‑software supply‑chain standards.