Code Execution Through Email: How I Used Claude to Hack Itself
Blog post from Pynt
Golan Yosef, Chief Security Scientist and Co-Founder of Pynt, explores how a system that looks secure component by component can be exploited through composition rather than through any individual vulnerability. Using a single Gmail message, he demonstrates how code execution can be triggered through Claude Desktop, an LLM host application, by chaining the tool integrations it is given through MCP (Model Context Protocol) connectors. Initially, Claude detected the phishing attempt and warned against it, but by resetting its context in fresh sessions, Yosef was able to refine the attack iteratively until it succeeded. The exercise highlights the compositional risk inherent in LLM-powered applications, which rely on layers of delegation, agentic autonomy, and third-party tools: each piece may be acceptable on its own, while the combination of trust in untrusted input (an email) with a capability (executing code) is not. The experiment underscores the need for solutions like Pynt MCP Security that identify and mitigate such trust-capability combinations before they escalate into complex exploits, emphasizing how security is evolving in the era of AI.