[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"nav-categories":3,"article-how-to-hack-perplexity-and-get-unlimited-claude-opus-at-someone-else-s-expense":70},{"data":4},[5,37,57,64],{"name":6,"slug":7,"categories":8},"Productivity","productivity",[9,13,17,21,25,29,33],{"id":10,"title":11,"slug":12},17,"Branding","branding",{"id":14,"title":15,"slug":16},19,"Marketing","marketing",{"id":18,"title":19,"slug":20},20,"Work","work",{"id":22,"title":23,"slug":24},34,"Community","community",{"id":26,"title":27,"slug":28},21,"For newbies","for-newbies",{"id":30,"title":31,"slug":32},24,"Investment","investment",{"id":34,"title":35,"slug":36},22,"Finance","finance",{"name":38,"slug":39,"categories":40},"Tech","tech",[41,45,49,53],{"id":42,"title":43,"slug":44},28,"Technology","technology",{"id":46,"title":47,"slug":48},32,"Artificial Intelligence","artificial-intelligence",{"id":50,"title":51,"slug":52},26,"Security and protection","security-and-protection",{"id":54,"title":55,"slug":56},31,"YouTube Blog","youtube-blog",{"name":58,"slug":59,"categories":60},"News","news",[61],{"id":62,"title":58,"slug":63},18,"quasanews",{"name":65,"slug":66,"categories":67},"Business","business",[68],{"id":69,"title":65,"slug":66},16,{"post":71,"published_news":95,"popular_news":154,"categories":218},{"title":72,"description":73,"meta_title":72,"meta_description":74,"meta_keywords":75,"text":76,"slug":77,"created_at":78,"publish_at":79,"formatted_created_at":80,"category_id":42,"links":81,"view_type":84,"video_url":85,"views":86,"likes":87,"lang":88,"comments_count":87,"category":89},"How to Hack Perplexity and Get Unlimited Claude Opus at Someone Else's Expense","In the rapidly evolving world of AI agent systems, Perplexity AI's latest offering, Perplexity Computer, promised a secure sandbox where autonomous AI could browse the web, write code, and handle complex tasks. Launched as a multi-agent environment, it aimed to empower users with advanced capabilities.","While the free Opus access is gone, this \"true story\" serves as a cautionary tale: In AI's gold rush, secure foundations trump shiny models.","This breach highlights a broader issue: AI companies, racing to deploy agentic systems, often prioritize model safety over infrastructure.","\u003Cp>In the rapidly evolving world of AI agent systems, Perplexity AI's latest offering, Perplexity Computer, promised a secure sandbox where autonomous AI could browse the web, write code, and handle complex tasks. Launched as a multi-agent environment, it aimed to empower users with advanced capabilities.\u003C/p>\n\n\u003Cp>\u003Cimg alt=\"\" class=\"image-align-right\" height=\"120\" src=\"https://quasa.io/storage/photos/00/photo_2026-03-15_10-28-17.jpg\" width=\"300\" />However, AI developer Yousif Astarabadi recently exposed a vulnerability using a simple trick reminiscent of 2019 Node.js supply chain attacks, potentially allowing unauthorized access to premium AI models like Claude Opus 4.6.\u003C/p>\n\n\u003Cp>This incident underscores the tension between cutting-edge AI innovation and foundational infrastructure security, where even well-funded startups can falter.\u003C/p>\n\n\u003Chr />\n\u003Ch4>\u003Cstrong>The Discovery: Probing the Sandbox\u003C/strong>\u003C/h4>\n\n\u003Cp>\u003Cimg alt=\"\" class=\"image-align-left\" height=\"169\" src=\"https://quasa.io/storage/photos/00/image - 2026-03-15T120303.699.jpg\" width=\"300\" />Astarabadi, while researching sandbox isolation for his own agent infrastructure projects, delved into Perplexity Computer. He noticed the integration of Claude Code, a Node.js-based tool that relies on an Anthropic API key to function. Curious about key management, he explored how credentials were handled within the shared environment.\u003C/p>\n\n\u003Cp>Initial attempts to extract the key directly through the AI agent failed spectacularly. Claude's safety mechanisms kicked in: requests to dump environment variables, plant trojan scripts, poison shell profiles, or hijack the process tree were all detected and refused—six times in a row. The model's prompt-level safeguards proved robust, recognizing malicious intent and halting execution.\u003C/p>\n\n\u003Chr />\n\u003Ch4>\u003Cstrong>The Exploit: A Dotfile Deception\u003C/strong>\u003C/h4>\n\n\u003Cp>\u003Cimg alt=\"\" class=\"image-align-right\" height=\"372\" src=\"https://quasa.io/storage/photos/00/image - 2026-03-15T120235.657.jpg\" width=\"250\" />Undeterred, Astarabadi shifted focus to the infrastructure. Claude Code runs via npm in Node.js, which reads configuration from ~/.npmrc in the home directory — a shared filesystem accessible within the sandbox. By crafting a .npmrc file with a NODE_OPTIONS entry specifying --require to preload a custom JavaScript module, he ensured his script executed before Claude Code initialized.\u003C/p>\n\n\u003Cp>\u003Cstrong>The exploit boiled down to three shell commands:\u003C/strong>\u003C/p>\n\n\u003Col>\n\t\u003Cli>Write a script to dump process.env to a shared file.\u003C/li>\n\t\u003Cli>Echo 'node-options=--require /path/to/script.js' into ~/.npmrc.\u003C/li>\n\t\u003Cli>Trigger any coding task in Perplexity Computer.\u003C/li>\n\u003C/ol>\n\n\u003Cp>Upon agent activation, npm honored the config, running the preload script instantaneously—before any safety checks. This yielded a Perplexity gateway token proxying to their master Anthropic account.\u003C/p>\n\n\u003Chr />\n\u003Ch4>\u003Cstrong>The Fatal Flaw: Unbound Credentials\u003C/strong>\u003C/h4>\n\n\u003Cp>\u003Cimg alt=\"\" class=\"image-align-left\" height=\"372\" src=\"https://quasa.io/storage/photos/00/image - 2026-03-15T120234.538.jpg\" width=\"250\" />The token lacked bindings: no IP restrictions, no session scoping to the sandbox, and no immediate user billing tie-in. Astarabadi tested it on his personal laptop, generating massive outputs — like five parallel 100,000+ token histories of the world via Opus 4.6 — without depleting his credits. Initially, it appeared usage billed to Perplexity's corporate account.\u003C/p>\n\n\u003Cp>However, Perplexity CTO Denis Yarats clarified that the token was a short-lived proxy tied to the user's session and account, with asynchronous billing. The exploit generated 197 billing events, charged back to Astarabadi post-facto, and the token was revoked upon discovery. Astarabadi acknowledged this but noted the token's external usability posed risks, like prompt injection enabling third-party abuse.\u003C/p>\n\n\u003Cp>Also read:\u003C/p>\n\n\u003Cul>\n\t\u003Cli>\u003Ca href=\"https://quasa.io/media/top-5-ai-innovations-of-the-week-from-quasa\">Top 5 AI Innovations of the Week from QUASA\u003C/a>\u003C/li>\n\t\u003Cli>\u003Ca href=\"https://quasa.io/media/analyzing-ogilvy-social-lab-s-2026-social-trends-report-key-insights-and-my-recommendations\">Analyzing Ogilvy Social Lab's 2026 Social Trends Report: Key Insights and My Recommendations\u003C/a>\u003C/li>\n\t\u003Cli>\u003Ca href=\"https://quasa.io/media/report-2026\">The State of Hybrid Freelance 2026: AI, Web3 and the Death of Traditional Work\u003C/a>\u003C/li>\n\t\u003Cli>\u003Ca href=\"https://quasa.io/media/high-fidelity-images-and-full-editing-suite-imagine-art-launches-imagineart-1-generator\">High-Fidelity Images and Full Editing Suite: Imagine Art Launches ImagineArt 1 Generator\u003C/a>\u003C/li>\n\u003C/ul>\n\n\u003Chr />\n\u003Ch4>\u003Cstrong>Lessons for the AI Industry\u003C/strong>\u003C/h4>\n\n\u003Cp>This breach highlights a broader issue: AI companies, racing to deploy agentic systems, often prioritize model safety over infrastructure. Claude performed flawlessly, but the "human bags" (as humorously put) overlooked basic hardening.\u003C/p>\n\n\u003Cp>\u003Cstrong>\u003Cimg alt=\"\" class=\"image-align-right\" height=\"240\" src=\"https://quasa.io/storage/photos/00/photo_2026-03-15_10-28-19.jpg\" width=\"290\" />Astarabadi recommends:\u003C/strong>\u003C/p>\n\n\u003Cul>\n\t\u003Cli>Bind tokens to sandbox IDs and IPs.\u003C/li>\n\t\u003Cli>Make them ephemeral, minting on startup and invalidating on teardown.\u003C/li>\n\t\u003Cli>Ensure usage bills to the spawning user, not a master pool.\u003C/li>\n\u003C/ul>\n\n\u003Cp>These patterns could fortify proxies, common in agent infra. Perplexity patched the vulnerability after Astarabadi's responsible disclosure via their Vulnerability Disclosure Program (VDP).\u003C/p>\n\n\u003Cp>While the free Opus access is gone, this "true story" serves as a cautionary tale: In AI's gold rush, secure foundations trump shiny models. For the full thread, \u003Ca href=\"https://x.com/YousifAstar/status/2032214543292850427\">check Astarabadi's X post.\u003C/a>\u003C/p>","how-to-hack-perplexity-and-get-unlimited-claude-opus-at-someone-else-s-expense","2026-03-15T11:05:54.000000Z","2026-03-21T09:58:00.000000Z","21.03.2026",{"image":82,"thumb":83},"https://quasa.io/storage/images/news/FbBTVPGBVkHfTAvNh71qP8fs9PnWvMF4bQmwZc4t.jpg","https://api.quasa.io/thumbs/news-thumb/images/news/FbBTVPGBVkHfTAvNh71qP8fs9PnWvMF4bQmwZc4t.jpg","small",null,514,0,"en",{"id":42,"title":43,"slug":44,"meta_title":90,"meta_description":91,"meta_keywords":92,"deleted_at":85,"created_at":93,"updated_at":94,"lang":88},"Quasa media blog about growth hacking in Tech","All the most interesting and useful about technologies. Exclusive articles from technologies you won't find anywhere else.","Technology, tech, business, ai, gadget, gadgets, life hacks","2023-03-23T08:15:32.000000Z","2024-08-25T15:37:57.000000Z",[96,109,120,132,143],{"title":97,"description":98,"slug":99,"created_at":100,"publish_at":101,"formatted_created_at":102,"category":103,"links":104,"view_type":84,"video_url":85,"views":107,"likes":87,"lang":88,"comments_count":87,"is_pinned":108},"Figure AI Founder Brett Adcock Launches Hark: A New Lab Building True Personal AGI","Brett Adcock, the founder of humanoid robotics company Figure AI, has quietly launched his next ambitious venture: Hark, an AI laboratory dedicated to creating the world’s most advanced personal intelligence.","figure-ai-founder-brett-adcock-launches-hark-a-new-lab-building-true-personal-agi","2026-03-25T20:23:25.000000Z","2026-04-09T09:11:00.000000Z","09.04.2026",{"title":43,"slug":44},{"image":105,"thumb":106},"https://quasa.io/storage/images/news/C1UuYbaKmb90FPNMq9HupZ84jzRUQmO6HBbSPEPh.jpg","https://api.quasa.io/thumbs/news-thumb/images/news/C1UuYbaKmb90FPNMq9HupZ84jzRUQmO6HBbSPEPh.jpg",11,false,{"title":110,"description":111,"slug":112,"created_at":113,"publish_at":114,"formatted_created_at":102,"category":115,"links":116,"view_type":84,"video_url":85,"views":119,"likes":87,"lang":88,"comments_count":87,"is_pinned":108},"Pokémon Go’s 10-Year Legacy: How Millions of Players Accidentally Trained Robots to Deliver Your Food","Ten years after its explosive launch, Pokémon Go continues to deliver surprises — this time, not in the form of rare Pikachu, but in the form of a powerful new navigation system for delivery robots.","pokemon-go-s-10-year-legacy-how-millions-of-players-accidentally-trained-robots-to-deliver-your-food","2026-03-25T20:06:36.000000Z","2026-04-09T06:59:00.000000Z",{"title":43,"slug":44},{"image":117,"thumb":118},"https://quasa.io/storage/images/news/ceiFSOJQ3diMLwMI4POUSJwIjscAuwf5TWE2DXlN.jpg","https://api.quasa.io/thumbs/news-thumb/images/news/ceiFSOJQ3diMLwMI4POUSJwIjscAuwf5TWE2DXlN.jpg",102,{"title":121,"description":122,"slug":123,"created_at":124,"publish_at":124,"formatted_created_at":125,"category":126,"links":127,"view_type":130,"video_url":85,"views":131,"likes":87,"lang":88,"comments_count":87,"is_pinned":108},"Jaxx Liberty for Cross-Device Crypto Management","A practical article about Jaxx Liberty as a cross-platform blockchain wallet with portfolio tools, exchange access, and block explorer features for daily crypto management.","jaxx-liberty-for-cross-device-crypto-management","2026-04-08T12:21:43.000000Z","08.04.2026",{"title":35,"slug":36},{"image":128,"thumb":129},"https://quasa.io/storage/images/news/2BoYmDUS7F9wHE0dwpD2KUpX702LkL1Spp2KC5Vm.jpg","https://api.quasa.io/thumbs/news-thumb/images/news/2BoYmDUS7F9wHE0dwpD2KUpX702LkL1Spp2KC5Vm.jpg","large",779,{"title":133,"description":134,"slug":135,"created_at":136,"publish_at":137,"formatted_created_at":125,"category":138,"links":139,"view_type":84,"video_url":85,"views":142,"likes":87,"lang":88,"comments_count":87,"is_pinned":108},"Nvidia CEO Jensen Huang Proposes Paying Engineers with AI Tokens","Nvidia CEO Jensen Huang has put forward a radical new idea for compensating tech talent: paying engineers part of their salary in AI tokens.","nvidia-ceo-jensen-huang-proposes-paying-engineers-with-ai-tokens","2026-03-25T19:56:16.000000Z","2026-04-08T11:48:00.000000Z",{"title":19,"slug":20},{"image":140,"thumb":141},"https://quasa.io/storage/images/news/KL5Yqt5ZzW3R4cu7XmE15grrRHdKZ1WBoKbC6Zu3.jpg","https://api.quasa.io/thumbs/news-thumb/images/news/KL5Yqt5ZzW3R4cu7XmE15grrRHdKZ1WBoKbC6Zu3.jpg",832,{"title":144,"description":145,"slug":146,"created_at":147,"publish_at":148,"formatted_created_at":125,"category":149,"links":150,"view_type":84,"video_url":85,"views":153,"likes":87,"lang":88,"comments_count":87,"is_pinned":108},"The AI Scientist Hits Nature: Scaling Scientific Discovery Like Code","The dream of a fully autonomous laboratory has moved from the realm of \"experimental demo\" to a validated scientific reality. The AI Scientist, a pioneering system designed to automate the entire lifecycle of research, has officially been published in Nature.","the-ai-scientist-hits-nature-scaling-scientific-discovery-like-code","2026-03-25T19:23:02.000000Z","2026-04-08T09:15:00.000000Z",{"title":47,"slug":48},{"image":151,"thumb":152},"https://quasa.io/storage/images/news/QZJ74ZuxTmCA52qWq4HZkP2WikrOYpg6WBusDdyn.jpg","https://api.quasa.io/thumbs/news-thumb/images/news/QZJ74ZuxTmCA52qWq4HZkP2WikrOYpg6WBusDdyn.jpg",901,[155,168,181,193,206],{"title":156,"description":157,"slug":158,"created_at":159,"publish_at":160,"formatted_created_at":161,"category":162,"links":163,"view_type":84,"video_url":85,"views":166,"likes":167,"lang":88,"comments_count":87,"is_pinned":108},"The Anatomy of an Entrepreneur","Entrepreneur is a French word that means an enterpriser. Enterprisers are people who undertake a business or enterprise with the chance of earning profits or suffering from loss.","the-anatomy-of-an-entrepreneur","2021-08-04T15:18:21.000000Z","2025-12-14T06:09:00.000000Z","14.12.2025",{"title":65,"slug":66},{"image":164,"thumb":165},"https://quasa.io/storage/images/news/mVsXPTMuHZuI7UXCsENgL1Qwp1uSOf7Rz3uVPMfm.webp","https://api.quasa.io/thumbs/news-thumb/images/news/mVsXPTMuHZuI7UXCsENgL1Qwp1uSOf7Rz3uVPMfm.webp",67887,2,{"title":169,"description":170,"slug":171,"created_at":172,"publish_at":173,"formatted_created_at":174,"category":175,"links":176,"view_type":130,"video_url":85,"views":179,"likes":180,"lang":88,"comments_count":87,"is_pinned":108},"Advertising on QUASA","QUASA MEDIA is read by more than 400 thousand people a month. We offer to place your article, add a link or order the writing of an article for publication.","advertising-on-quasa","2022-07-06T07:33:02.000000Z","2025-12-15T17:33:02.000000Z","15.12.2025",{"title":58,"slug":63},{"image":177,"thumb":178},"https://quasa.io/storage/images/news/45SvmdsTQbiyc3nxgbyHY1mpVbisYyub2BCHjqBL.jpg","https://api.quasa.io/thumbs/news-thumb/images/news/45SvmdsTQbiyc3nxgbyHY1mpVbisYyub2BCHjqBL.jpg",67263,4,{"title":182,"description":183,"slug":184,"created_at":185,"publish_at":186,"formatted_created_at":187,"category":188,"links":189,"view_type":84,"video_url":85,"views":192,"likes":180,"lang":88,"comments_count":87,"is_pinned":108},"What is a Startup?","A startup is not a new company, not a tech company, nor a new tech company. You can be a new tech company, if your goal is not to grow high and fast; then, you are not a startup. ","what-is-a-startup","2021-08-04T12:05:17.000000Z","2025-12-17T13:02:00.000000Z","17.12.2025",{"title":65,"slug":66},{"image":190,"thumb":191},"https://quasa.io/storage/images/news/EOsQhSW3VXyG7a6NPdE1oZd00xfJXe3bjY5aJGb7.webp","https://api.quasa.io/thumbs/news-thumb/images/news/EOsQhSW3VXyG7a6NPdE1oZd00xfJXe3bjY5aJGb7.webp",65551,{"title":194,"description":195,"slug":196,"created_at":197,"publish_at":198,"formatted_created_at":199,"category":200,"links":201,"view_type":84,"video_url":85,"views":204,"likes":167,"lang":88,"comments_count":205,"is_pinned":108},"Top 5 Tips to Make More Money as a Content Creator","Content creators are one of the most desired job titles right now. Who wouldn’t want to earn a living online?","top-5-tips-to-make-more-money-as-a-content-creator","2022-01-17T17:31:51.000000Z","2026-01-17T11:30:00.000000Z","17.01.2026",{"title":19,"slug":20},{"image":202,"thumb":203},"https://quasa.io/storage/images/news/gP8kiumBPpJmQv6SMieXiX1tDetx43VwFfO1P4Ca.jpg","https://api.quasa.io/thumbs/news-thumb/images/news/gP8kiumBPpJmQv6SMieXiX1tDetx43VwFfO1P4Ca.jpg",40018,1,{"title":207,"description":208,"slug":209,"created_at":210,"publish_at":211,"formatted_created_at":212,"category":213,"links":214,"view_type":130,"video_url":85,"views":217,"likes":167,"lang":88,"comments_count":87,"is_pinned":108},"8 Logo Design Tips for Small Businesses","Your logo tells the story of your business and the values you stand for.","8-logo-design-tips-for-small-businesses","2021-12-04T21:59:52.000000Z","2025-05-05T03:30:00.000000Z","05.05.2025",{"title":15,"slug":16},{"image":215,"thumb":216},"https://quasa.io/storage/images/news/Wbx2NtS1CnTupgoQbpFMGspJ5jm4uob2hDOq33r0.jpg","https://api.quasa.io/thumbs/news-thumb/images/news/Wbx2NtS1CnTupgoQbpFMGspJ5jm4uob2hDOq33r0.jpg",39426,[219,220,221,222,223,224,225,226,227,228,229,230,231],{"title":23,"slug":24},{"title":47,"slug":48},{"title":55,"slug":56},{"title":43,"slug":44},{"title":51,"slug":52},{"title":31,"slug":32},{"title":35,"slug":36},{"title":27,"slug":28},{"title":19,"slug":20},{"title":15,"slug":16},{"title":58,"slug":63},{"title":11,"slug":12},{"title":65,"slug":66}]