AI Helped A Hacker Find A Way To Issue Tickets To Almost Every Major US Music Festival

A security researcher used Anthropic's Claude AI to identify a serious vulnerability in the ticketing system used by many major US music festivals, potentially allowing access to customer data and the ability to issue tickets.

Advertisement
Read Time: 3 mins
The company behind the platform says the flaw was fixed within 24 hours.

A security researcher has revealed that he used an artificial intelligence tool developed by Anthropic to uncover a major security flaw in a ticketing platform used by many of the largest music festivals in the United States.

Ian Carroll, an independent cybersecurity researcher and founder of travel platform Seats.aero, told WIRED that he used Anthropic's Claude Opus 4.7 model to identify a vulnerability in Front Gate Tickets, a company that handles ticket sales for major festivals including Lollapalooza, Bonnaroo, South by Southwest and Austin City Limits.

According to Carroll, the flaw could have allowed an attacker to access millions of customer and staff records and potentially issue tickets for events without authorisation. He said the AI system helped him discover a method to bypass security protections that blocked a known type of web attack.

Carroll said he was able to gain access to administrative accounts and view options to issue high-value tickets, including VIP passes. However, he said he did not issue any tickets or misuse the access, choosing instead to report the vulnerability to the company.

Advertisement

Front Gate Tickets confirmed that the security issue had been fixed within 24 hours of being reported. The company said there was no evidence that customer information had been compromised or that the vulnerability had been exploited by malicious actors.

In a statement, Front Gate said the issue involved an internal system used by festival entry scanners rather than a public-facing customer platform. The company also said that some premium tickets require physical RFID wristbands and could not have been generated through the online system.

Advertisement

The incident has raised fresh concerns about the growing capability of artificial intelligence tools in cybersecurity. Carroll said he was surprised by how effectively the AI system identified techniques that he had not considered himself.

Anthropic said its Cyber Verification Program is designed to allow approved security researchers to use advanced AI tools responsibly to improve online security. The company added that unauthorised attempts to use its systems for hacking activities are detected and blocked.

Cybersecurity experts have increasingly warned that advances in artificial intelligence could make it easier to discover software vulnerabilities, raising questions about how organisations protect critical online systems.

Featured Video Of The Day
After Ayodhya, Badrinath Hit By Donation Theft Claims, Temple Trust Orders Probe