
Claude the Hunter-Killer - Have You Seen Your Nice Little Claude Run a Penetration Test on Your Apps?

Published: March 4, 2026

Claude the hunter-killer... have you seen your nice little Claude run a penetration test on your apps?

It's a different Claude. It transforms into a hunter. It's scary to watch.

I had an app hardened. Or so I thought. Connected to IMDB public data, deployed live at imdb-dashboards.tigzig.com - 16GB, 230M records. If you know what you're doing you could take down the server with it.

The app had API keys, Cloudflare edge rate limit, JavaScript challenge, SQL blocklist, backend rate limit... the whole jing bang... but Claude the hunter still managed to spike my CPU in minutes.

Here's the story in Claude's own words.

What Got Through and Why

repeat() memory bomb - This was the big one. The query timeout WAS there (30s), but repeat('A', 1000000000) completes in ~10 seconds - it's fast enough to finish within the timeout. So the timeout didn't help here.

Metadata leaks (version(), current_database()) - These are tiny, fast queries; a timeout wouldn't help.

Missing conn.interrupt() - For the cartesian product (which DID hit the 30s timeout), the 408 went back to the client but DuckDB kept crunching in the background. That's why the CPU spike continued after the timeout. The conn.interrupt() fix your other session applied kills it properly now.

How the Browser Attack Worked

Here's exactly what Playwright did - it's identical to what a human attacker would do:

Step 1: Playwright opens REAL Chrome (not Chromium)
  - Chrome navigates to https://imdb-dashboards.tigzig.com
  - Cloudflare sees a real browser, passes the JS challenge

Step 2: Playwright runs JavaScript INSIDE the browser page

    page.evaluate(() => {
      fetch('/api/duckdb?action=imdb-query', {
        method: 'POST',
        headers: {'Content-Type': 'application/json'},
        body: JSON.stringify({sql: "SELECT repeat('A', 1000000000)"})
      })
    })

This is exactly the same as a human:
  - Opening Chrome
  - Going to your site
  - Pressing F12 - Console tab
  - Typing fetch('/api/duckdb?action=imdb-query', ...) and pressing Enter

The fetch() call goes to your Vercel serverless function (same origin, no CORS issue), Vercel adds the API key, forwards to backend. The attacker never sees or needs the API key.

The only difference between Playwright and a human is that Playwright can do it programmatically in a loop - sending 32 test queries automatically instead of typing each one manually.
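The missing conn.interrupt() described under "What Got Through and Why", shown as an added example (not this site's backend code and not Claude's output): a request handler that returns 408 on timeout, with and without cancelling the running statement. Assumptions: Python's stdlib sqlite3 stands in for DuckDB so the block runs offline, and make_conn, run_query, HEAVY_SQL and the 400/408 mapping are hypothetical names and choices.

```python
import sqlite3
import threading

# Constructed stand-in for the page's cartesian product: a 4-way cross join
# over a 1,000-row table (10^12 combinations), far beyond any sane timeout.
HEAVY_SQL = "SELECT count(*) FROM t a, t b, t c, t d"


def make_conn():
    # Assumption: stdlib sqlite3 stands in for DuckDB; both expose interrupt().
    conn = sqlite3.connect(":memory:", check_same_thread=False)
    conn.execute("CREATE TABLE t(x INTEGER)")
    conn.executemany("INSERT INTO t VALUES (?)", ((i,) for i in range(1000)))
    conn.commit()
    return conn


def run_query(conn, sql, timeout_s, interrupt_on_timeout=True):
    """Return (http_status, payload, worker_thread) for one request."""
    out = {}

    def work():
        try:
            out["rows"] = conn.execute(sql).fetchall()
        except sqlite3.OperationalError as exc:  # includes "interrupted"
            out["error"] = str(exc)

    worker = threading.Thread(target=work, daemon=True)
    worker.start()
    worker.join(timeout_s)
    if not worker.is_alive():
        return (400, out["error"], worker) if "error" in out else (200, out["rows"], worker)
    # Timed out. Sending 408 only ends the response; the engine keeps burning
    # CPU on the statement unless it is cancelled on the connection.
    if interrupt_on_timeout:
        conn.interrupt()
        worker.join(5)  # give the engine time to unwind
    return 408, "query timed out", worker


if __name__ == "__main__":
    conn = make_conn()
    status, _, w = run_query(conn, HEAVY_SQL, 0.5, interrupt_on_timeout=False)
    print(status, "worker still running:", w.is_alive())  # 408 but CPU still busy
    conn.interrupt()  # clean up the leaked statement
    w.join(5)
    status, _, w = run_query(conn, HEAVY_SQL, 0.5)
    print(status, "worker still running:", w.is_alive())
```

This only covers queries that outlive the timeout; as noted above, repeat('A', 1000000000) finishes inside the 30s window, so it needs a separate control.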

The Hunt

Claude 'talks' as it is hunting. It's like Discovery Channel where you see a leopard going after prey... a chill goes thru your spine as you see it meticulously planning an attack and breaking your defenses.

Practical Lesson

A security audit is not enough. Have one Claude be the coder and the other the pen tester.

Updated security checklist at tigzig.com/security. Explained in simple English. Available as Markdown for your AI Coder.