Claude Opus 4.7 helped hacker issue free tickets to any US music festival
AI found a bug to generate unlimited VIP passes to every major festival.
Security researcher Ian Carroll, founder of Seats.aero and participant in Anthropic's Cyber Verification Program, used Claude Opus 4.7 in April to hack into Front Gate Tickets, the ticketing platform for nearly every major US music festival (Lollapalooza, Bonnaroo, Austin City Limits, South by Southwest). The AI helped him bypass standard firewall controls and access an internal API used by entry scanners at venues. From there, he escalated privileges to full super-administrator access, enabling him to issue tickets of any value—including $4,000 Platinum VIP backstage passes—for any event, even sold-out ones. Carroll did not exploit the access; instead, he responsibly disclosed the vulnerability to Front Gate, which patched the bug within 24 hours.
Front Gate responded that there was no evidence of exploitation, customer data compromise, or ticket impact, and noted that their security safeguards would have flagged any changes. However, Carroll points out that the company doesn't confirm the vulnerability wasn't previously exploited. Anthropic emphasized that Carroll's use of Claude was authorized under its Cyber Verification Program, which aims to help defenders make code safer. Carroll was surprised at how easily Claude generated the exploit technique, suggesting the AI could have found it end-to-end without human intervention. The incident highlights how AI tools like Claude can autonomously discover serious security flaws, lowering the barrier for both malicious hackers and defenders.
- Claude Opus 4.7 helped bypass firewall and access an internal API used by festival entry scanners.
- Researcher gained super-admin privileges enabling issuance of any ticket, including $4,000 VIP passes to sold-out events like Bonnaroo.
- Vulnerability patched within 24 hours; Front Gate states no customer data or tickets were compromised.
Why It Matters
AI-assisted hacking is real: Claude found a critical flaw, showing both risk and defensive potential.