AI Dynamics

Global AI News Aggregator

About

Cursor Claude Attack Stealing API Tokens via JWT Obfuscation

Here's a good recent example: Cursor/Claude was refusing to steal API tokens, so they changed the attack to request "rotten apples" which were of strings starting with "eyJ" – aka JWTs! https://
simonwillison.net/2025/Aug/9/whe
n-a-jira-ticket-can-steal-your-secrets/

→ View original post on X — @simonw