# CCT 348: ClaudeBleed - The Hidden Risk In AI Browser Extensions and CISSP Domain 3 Page: https://stenobird.com/podcast/cissp-cyber-training-podcast-cissp-training-program-6068495/cct-348-claudebleed-the-hidden-risk-in-ai-browser-extensions-and-cissp-domain-3 Text version: https://stenobird.com/podcast/cissp-cyber-training-podcast-cissp-training-program-6068495/cct-348-claudebleed-the-hidden-risk-in-ai-browser-extensions-and-cissp-domain-3.md Podcast: [CISSP Cyber Training Podcast - CISSP Training Program](https://stenobird.com/podcast/cissp-cyber-training-podcast-cissp-training-program-6068495) Published: 2026-05-11T11:00:00+00:00 Episode link: https://www.buzzsprout.com/2167626/episodes/19154014-cct-348-claudebleed-the-hidden-risk-in-ai-browser-extensions-and-cissp-domain-3.mp3 Audio file: https://www.buzzsprout.com/2167626/episodes/19154014-cct-348-claudebleed-the-hidden-risk-in-ai-browser-extensions-and-cissp-domain-3.mp3 Processing state: not_requested JSON: https://stenobird.com/v1/public/podcasts/cissp-cyber-training-podcast-cissp-training-program-6068495/episodes/cct-348-claudebleed-the-hidden-risk-in-ai-browser-extensions-and-cissp-domain-3 Duration seconds: 2040 ## Resource Send us Fan Mail Your browser just became a security boundary you can’t afford to ignore. We start with ClaudeBleed, a vulnerability in the Claude AI Chrome extension that shows how an AI browser agent can be hijacked by another malicious extension, even one with zero special permissions. When an agent can act “as you” inside a trusted environment, the risk jumps from theory to real outcomes like silent email sending, data loss through Google Drive, or code theft from private repos. We walk ... ## Actions - request_transcript: `POST https://stenobird.com/v1/public/podcasts/cissp-cyber-training-podcast-cissp-training-program-6068495/episodes/cct-348-claudebleed-the-hidden-risk-in-ai-browser-extensions-and-cissp-domain-3/transcription-requests` — Idempotently request low-priority transcript generation for this episode. - read_markdown: `GET https://stenobird.com/podcast/cissp-cyber-training-podcast-cissp-training-program-6068495/cct-348-claudebleed-the-hidden-risk-in-ai-browser-extensions-and-cissp-domain-3.md` — Read the agent-friendly Markdown representation of this episode resource. A page view does not enqueue transcription. Agents should invoke `request_transcript` explicitly when they need this episode processed. ## Transcript Full transcripts are not published on public pages unless there is a clear rights basis.