Skip to content
Safety · Jul 1, 2026

AI-assisted exploit gave researcher administrator access to major US music festival ticketing platform

A security researcher used Anthropic’s Claude Opus 4.7 to bypass a firewall and gain super-administrator access to Front Gate Tickets, which handles ticketing for major festivals including Lollapalooza and Bonnaroo.

Trust79
HypeLow hype

1 source · cross-referenced

ShareXLinkedInEmail
TL;DR
  • A security researcher leveraged Anthropic’s Claude Opus 4.7 to bypass a firewall and gain super-administrator access to Front Gate Tickets, a platform used by major US music festivals such as Lollapalooza and Bonnaroo.
  • The researcher demonstrated the ability to freely issue tickets of any value and access millions of customer and staff records, though no evidence of prior exploitation was found.
  • Front Gate Tickets reported the vulnerability was patched within 24 hours of disclosure, with no evidence of customer data compromise or ticket fraud.
  • The incident highlights the potential for AI tools to accelerate discovery of exploitable vulnerabilities in widely used web systems.

A security researcher, Ian Carroll, used Anthropic’s Claude Opus 4.7 to bypass a firewall on Front Gate Tickets’ website and gain super-administrator access, enabling him to issue tickets of any value and access millions of customer and staff records. Carroll reported the findings to Front Gate, which stated the vulnerability was patched within 24 hours and that there was no evidence of exploitation, ticket impact, or compromise of customer information.

Carroll, who is part of Anthropic’s Cyber Verification Program, said Claude autonomously generated key elements of the exploit technique, including a nested SQL query that evaded the firewall’s detection. The AI tool then wrote a script that displayed samples from a table of 500 databases containing exposed customer information, including names, emails, and mailing addresses.

Using the access gained, Carroll reset the password for a super-administrator account by retrieving a reset code stored in the site’s backend, effectively taking over the account. He demonstrated the ability to add high-value tickets, such as a $4,000 4-Day Platinum ticket for Bonnaroo, to a shopping cart as complimentary tickets.

Front Gate acknowledged the vulnerability and stated that the issue was identified via AI-assisted tools bypassing standard firewall security controls to access an internal API used by entry scanners at festival venues, not a consumer-facing system or public login portal. The company confirmed no evidence of prior exploitation or customer information compromise.

Carroll countered that Front Gate’s claims about safeguards and audit trails were uncertain, noting that he accessed the site via a public-facing login portal and that the company did not provide evidence the vulnerability had not been previously exploited. He also shared that Front Gate confirmed his findings after he provided a draft of his blog post prior to WIRED’s inquiry.

Sources
  1. 01WiredClaude Helped a Hacker Find a Way to Issue Tickets to Almost Every US Music Festival
Also on Safety

Stories may contain errors. Dispatch is assembled with AI assistance and curated by human editors; despite the trust-score filter, mistakes happen. We correct publicly — every article links to its revision history. Nothing here is financial, legal, or medical advice. Verify before relying on any claim.

© 2026 Dispatch. No ads. No sponsorships. No paid placement. Reader-supported via Ko-fi.

Built by a person who cares about honest AI news.