AI-assisted exploit gave researcher administrator access to major US music festival ticketing platform
A security researcher used Anthropic’s Claude Opus 4.7 to bypass a firewall and gain super-administrator access to Front Gate Tickets, which handles ticketing for major festivals including Lollapalooza and Bonnaroo.
1 source · cross-referenced
- A security researcher leveraged Anthropic’s Claude Opus 4.7 to bypass a firewall and gain super-administrator access to Front Gate Tickets, a platform used by major US music festivals such as Lollapalooza and Bonnaroo.
- The researcher demonstrated the ability to freely issue tickets of any value and access millions of customer and staff records, though no evidence of prior exploitation was found.
- Front Gate Tickets reported the vulnerability was patched within 24 hours of disclosure, with no evidence of customer data compromise or ticket fraud.
- The incident highlights the potential for AI tools to accelerate discovery of exploitable vulnerabilities in widely used web systems.
A security researcher, Ian Carroll, used Anthropic’s Claude Opus 4.7 to bypass a firewall on Front Gate Tickets’ website and gain super-administrator access, enabling him to issue tickets of any value and access millions of customer and staff records. Carroll reported the findings to Front Gate, which stated the vulnerability was patched within 24 hours and that there was no evidence of exploitation, ticket impact, or compromise of customer information.
Carroll, who is part of Anthropic’s Cyber Verification Program, said Claude autonomously generated key elements of the exploit technique, including a nested SQL query that evaded the firewall’s detection. The AI tool then wrote a script that displayed samples from a table of 500 databases containing exposed customer information, including names, emails, and mailing addresses.
Using the access gained, Carroll reset the password for a super-administrator account by retrieving a reset code stored in the site’s backend, effectively taking over the account. He demonstrated the ability to add high-value tickets, such as a $4,000 4-Day Platinum ticket for Bonnaroo, to a shopping cart as complimentary tickets.
Front Gate acknowledged the vulnerability and stated that the issue was identified via AI-assisted tools bypassing standard firewall security controls to access an internal API used by entry scanners at festival venues, not a consumer-facing system or public login portal. The company confirmed no evidence of prior exploitation or customer information compromise.
Carroll countered that Front Gate’s claims about safeguards and audit trails were uncertain, noting that he accessed the site via a public-facing login portal and that the company did not provide evidence the vulnerability had not been previously exploited. He also shared that Front Gate confirmed his findings after he provided a draft of his blog post prior to WIRED’s inquiry.