In this post, we explore how ChatGPT generated an adversarial image that hijacked my Claude Opus 4.7 to invoke the memory tool and persist false memories for …

Embrace the Red's resource offers insights, tutorials, and resources for developers and enthusiasts interested in game development and game design. Readers can learn about game design principles, storytelling techniques, and game development tools. With articles, tutorials, and game reviews, Embrace the Red provides  guidance and expertise for creating immersive and engaging gaming experiences.

Embrace The Red

A security researcher demonstrates an indirect prompt injection attack against Claude Opus 4.7 using a ChatGPT-generated adversarial image. The image embeds a social engineering puzzle that tricks Claude into invoking its memory tool and persisting false user information (fake name, age, occupation) across future conversations. The attack succeeded 5 out of 10 times, even though Opus detected suspicious activity each time. The post details the attack methodology, Anthropic's memory tool system prompt structure, and discusses why reasoning/thinking model variants are paradoxically more susceptible to prompt injection than non-thinking variants. The researcher responsibly disclosed the issue to Anthropic via HackerOne before publishing.

Breaking Opus 4.7 with ChatGPT (Hacking Claude's Memory) · Embrace The Red

Indirect Prompt Injection and Alignment Progress

Creating An Adversarial Image with ChatGPT