Claude AI Helped Researcher Exploit Music Festival Ticketing System

Original: Claude Helped a Hacker Find a Way to Issue Tickets to Almost Every US Music Festival

Why This Matters

Demonstrates AI systems' potential to autonomously identify and exploit critical vulnerabilities in major commercial infrastructure, raising security concerns across industries.

Security researcher Ian Carroll used Anthropic's Claude Opus 4.7 to discover a vulnerability in Front Gate Tickets' website that could have issued free VIP passes to major US music festivals like Bonnaroo and Lollapalooza. The flaw was patched within 24 hours with no evidence of exploitation.

Security researcher Ian Carroll discovered in April 2026 that Claude Opus 4.7 could help identify a critical vulnerability in Front Gate Tickets, a Live Nation Entertainment subsidiary handling ticketing for nearly every major US music festival including Lollapalooza, South by Southwest, and Austin City Limits. The bug allowed Carroll to gain super-administrator access to Front Gate's systems, enabling him to freely issue tickets of any value, including $4,000 VIP backstage passes, to any event. Carroll, who runs startup Seats.aero and is part of Anthropic's Cyber Verification Program, did not exploit the vulnerability and instead reported it responsibly. Front Gate confirmed the flaw was patched within 24 hours with no evidence of ticket issuance, customer information compromise, or actual exploitation. The vulnerability involved bypassing firewall security controls to access an internal API used by venue entry scanners. Carroll noted that Claude could have potentially completed the exploit end-to-end without additional human involvement, highlighting the expanding capability of AI systems to identify security flaws across internet infrastructure.

Source

wired.com — Read original →