AI Safety Threats: FLARE-AI Reporting Platform Launches and Claude Uncovers Ticketing Hack
AI 안전 | Thu Jul 02 2026 00:00:00 GMT+0000 (Coordinated Universal Time) | 2 sources
A crowdsourced AI flaw reporting platform launched while a security researcher used Claude to discover a vulnerability in a major ticketing system.
Analysis
[FLARE-AI] launched a crowdsourced AI flaw reporting platform [1]
- Led by HuggingFace policy researcher Avijit Ghosh and others
- Co-developed by 49 AI experts from 32 organizations
- Open source code enables verification and routes reports to model makers and MITRE
- Real-time report aggregation similar to Downdetector
[FLARE-AI researchers] proposed a reporting scope encompassing psychological harm, discrimination, and misinformation [1]
- Includes psychological harm
- bias
- and misinformation beyond cybersecurity bugs
- Gaps in problem recognition due to differing standards across companies
- Lack of coordinated disclosure system means no mechanism to enforce transparency
- Emphasized necessity as agentic systems proliferate
[LayerX] disclosed a guardrail bypass vulnerability in AI browsers [1]
- Targeting OpenAI Atlas and Perplexity Comet
- Manipulates the model by tricking it as if playing a game
- Can induce even attempts to hack websites
[Ian Carroll] discovered a Front Gate Tickets vulnerability using Claude Opus 4.7 [2]
- Ticketing system for major U.S. music festivals including Lollapalooza
- SXSW
- and Austin City Limits
- Could obtain super-administrator access
- Access to millions of customer and employee records and ability to issue unlimited tickets
- Demonstrated unlimited issuance of VIP tickets worth $4
- 000
[Front Gate Tickets] patched the vulnerability within 24 hours [2]
- Discovered through a responsible security researcher's use of AI-assisted tools
- Accessed internal API for entry scanners after bypassing standard firewall
- Explained it was not a consumer-facing system
- Confirmed no evidence of customer information leaks or ticket abuse
[Anthropic] operates the Cyber Verification Program [2]
- Permits approved security researchers to use specific hacking capabilities
- Carroll is also a program participant
- Confirmed Claude's ability to easily derive core exploit components