Security researchers have uncovered a severe zero-click remote code execution vulnerability in Claude Desktop Extensions that allows attackers to silently compromise user systems. The flaw exploits how Claude’s unsandboxed extensions process external data, raising serious concerns about the security of AI-driven desktop agents.
