A security researcher discovered a serious vulnerability in Front Gate Tickets, a platform used by nearly all major US music festivals, including Lollapalooza, Bonnaroo, and South by Southwest. The researcher, Ian Carroll, used Anthropic’s Claude Opus 4.7 AI model in April to help analyze and bypass security protections on the website. He initially suspected a SQL injection flaw, but the platform’s web application firewall blocked direct exploitation attempts. With assistance from Claude, Carroll identified that a nested SQL query technique could evade the firewall’s detection rules.
This allowed him to access sensitive backend data, including information from multiple databases that potentially contained millions of customer and staff records. Although payment data was not exposed, personal details such as names, emails, and addresses were reportedly accessible.
Further escalation led Carroll to gain administrative access by identifying a super administrator account, resetting its password, and using backend-accessible reset codes. This level of access enabled him to simulate issuing high-value tickets, including VIP and premium passes, without restriction. However, he did not complete any fraudulent transactions and instead reported the vulnerability responsibly.
Front Gate Tickets confirmed the flaw was patched within 24 hours and stated there was no evidence of real-world exploitation. The company emphasized that safeguards and audit logs would have detected misuse. Anthropic also noted that its Cyber Verification Program allows controlled security research using AI tools to improve system defenses.
The incident highlights growing concerns about AI-assisted cybersecurity research, where advanced models can significantly accelerate vulnerability discovery.
While no harm occurred in this case, experts warn that similar capabilities could be misused if not carefully monitored, raising broader questions about the role of AI in offensive and defensive cybersecurity contexts.