A researcher found that Claude's memory system could leak sensitive user data, like names and employers, by tricking the AI into navigating a malicious website's links to spell out personal information. Anthropic patched the vulnerability by limiting web navigation, but the exploit underscores risks in AI systems storing vast user profiles.