Skip to content
Tech News
← Back to articles

Claude Helped a Hacker Find a Way to Issue Tickets to Almost Every US Music Festival

read original more articles
Why This Matters

This incident highlights the growing risks of AI-assisted hacking, especially in critical industries like event ticketing, where vulnerabilities can lead to widespread fraud and security breaches. It underscores the importance of robust cybersecurity measures and responsible AI use to protect consumer data and prevent exploitation. As AI tools become more accessible, both companies and developers must prioritize security to mitigate potential threats.

Key Takeaways

Fears about AI tools capable of autonomous hacking usually involve nightmare scenarios like the theft of nuclear launch codes or zeroed-out bank reserves. Far more plausible, it turns out, is asking AI to gain super-administrator access on a ticketing website and then issuing yourself and all of your friends free VIP backstage passes to Bonnaroo.

That was the discovery of security researcher Ian Carroll, who used the AI tool Claude Opus 4.7 in April to discover a technique that allowed him full access to the systems of Front Gate Tickets, which handles ticketing for practically every major US music festival, from Lollapalooza and South by Southwest to Austin City Limits. Carroll found that Front Gate, which like Ticketmaster is a subsidiary of the event company Live Nation Entertainment, had a bug in its website that he—with Claude’s help—could exploit to gain access to millions of customer or staff records and freely issue tickets for any event, of any value, to himself or whoever he chose.

“It was pretty cool to see a ticket that’s $4,000, and I could just hit a button and issue as many as I wanted,” says Carroll, who runs the startup Seats.aero but also does independent security research. “I could go to every single event with no limitations or restrictions: I could get the backstage pass or whatever they sell to the super VIPs—even if it’s sold out.”

Carroll did not, in fact, take advantage of his ticket-issuing superpower, and instead reported his findings to Front Gate, which says it has now patched the vulnerability. When WIRED contacted the company, it responded with a statement that thanked Carroll for reporting the hackable flaw and described the incident as a successful collaboration that had resulted in improvements to its security.

"This was resolved within 24 hours, and we can confirm there is no evidence of exploitation, ticket impact, or compromise of customer information,” the statement reads. “The issue was identified by a responsible security researcher who used AI-assisted tools to bypass standard firewall security controls and access an internal API used by entry scanners at festival venues—not a consumer-facing system or public login portal.”

A 4-Day "Platinum" ticket for Bonnaroo that Carroll found he could add to his shopping cart after gaining access to a Front Gate administrator's account. Courtesy of Ian Carroll

Even now that the flaw is fixed, though, the incident demonstrates just how broadly AI may be able to dig up hackable bugs in every facet of the internet. Carroll—who is part of Anthropic’s Cyber Verification Program, which allows approved security researchers to use its tools for certain hacking functions—says he was taken aback by how easily Claude came up with key elements of his technique for breaking into the Front Gate site. “I think there's a very good chance it could have found this exploit end-to-end without me doing anything at all,” Carroll says.