CLAUDE.md Jailbreak Vector
- Entity ID: ent-20260419-4ec0189128a2
- Type: concept
- Scope: shared
- Status: active
- Aliases: CLAUDE.md override attack, markdown jailbreak
Description
Attack class where a modified CLAUDE.md in a project overrides safety controls, causing Claude Code to generate RATs or malware within the project environment. The attack surface is the configuration file — the same file users are encouraged to customize. Dual-use corollary of RAPTOR's demonstration that markdown alone can reconfigure Claude Code into an offensive operator.
Key claims
- Modifying project CLAUDE.md can override safety controls
- System prompt architecturally outranks CLAUDE.md regardless of content length
- A CLAUDE.md that survives one compaction becomes permanent trusted instructions
Relations
- Straiker Compaction-Persistence Attack Model --[related_to]--> CLAUDE.md Jailbreak Vector
- CLAUDE.md Jailbreak Vector --[derived_from]--> RAPTOR