A critical vulnerability in the Chrome extension for Anthropic's Claude AI model has been discovered, allowing any other plugin to potentially hijack the AI agent. This flaw, identified by browser security firm LayerX, stems from a specific instruction in the extension's code that permits any script running in the browser to embed hidden instructions and take control of the agent. The vulnerability is particularly concerning as it can be exploited by plugins without special permissions, highlighting the potential risks associated with large language models. The discovery underscores the security implications of AI developments, particularly those from Anthropic, which can reshape both capability and risk surfaces [1]. This matters to practitioners as it highlights the need for rigorous security testing and validation of AI-powered extensions to prevent potential hijacking and misuse of AI agents.
Flaw in Claude’s Chrome extension allowed ‘any’ other plugin to hijack victims’ AI
⚠️ Critical Alert
Why This Matters
LLM developments from Anthropic reshape both capability and risk surfaces — security implications trail the hype cycle.
References
- CyberScoop. (2026, May 8). Flaw in Claude’s Chrome extension allowed ‘any’ other plugin to hijack victims’ AI. CyberScoop. https://cyberscoop.com/claude-chrome-extension-allows-plugins-to-hijack-ai/
Original Source
CyberScoop