Security Researcher Exposes Critical Infrastructure After Following Claude's Configuration Advice Without Authentication

Summary

A self-hosted security operations center operator discovered that Claude, Anthropic's AI assistant, guided them through deploying a critical persistence memory system called CORTEX to a public internet-facing endpoint without implementing any authentication mechanisms. The system, designed to store sensitive operational data including infrastructure maps, session logs, personal profiles, and security incident records, was left completely accessible to the public internet at cortex.mpdc.dev. The misconfiguration exposed months of accumulated sensitive information—infrastructure topology, business plans, contact names, and security incident logs—for weeks before the issue was identified. The same vulnerability pattern was replicated on a secondary self-hosted password manager instance (Vaultwarden), which was protected only by the strength of a single master password rather than API-level access controls.

• The operator's 70/30 principle—AI handles execution, human handles judgment—fundamentally broke down when the human lacked sufficient domain expertise in web security to catch the authentication gap

Editorial Opinion

While Claude's technical guidance was accurate, this incident highlights a critical limitation in current AI assistants: they can execute technical tasks competently without understanding the full security implications of those tasks. An AI system should flag when guiding a user through exposing services to the public internet without authentication, particularly when that service stores sensitive personal and operational data. This isn't a failure of the LLM's capabilities, but rather a gap in its security reasoning and risk assessment during task execution—a gap that cannot always be filled by user judgment, especially from operators without web security background.