It sounds like the plot of a heist movie: a lone security researcher, sitting at his laptop, asks an AI chatbot for help cracking into a ticketing website — and within minutes, he has the power to issue himself unlimited free VIP backstage passes to Bonnaroo, Lollapalooza, South by Southwest, Austin City Limits, and virtually every other major music festival in the United States.
No cost. No limits. No sold-out barriers. Even the $4,000 Platinum tickets? Just a button click away. This is not fiction. It happened in April 2026 — and the story of how it unfolded has become one of the most talked-about cybersecurity revelations of the year, reigniting a fierce global debate about whether AI tools are making the internet fundamentally harder to keep safe.

The researcher at the centre of the story is Ian Carroll, founder of travel startup Seats.aero and an independent security researcher who is part of Anthropic’s Cyber Verification Program — a vetted scheme that allows approved security professionals to use Claude for certain cybersecurity research functions.
Carroll did not exploit his discovery for personal gain, did not issue a single fraudulent ticket, and responsibly disclosed the vulnerability to the affected company. But what he found — and how easily he found it with Claude’s help — has left the cybersecurity world deeply unsettled.
The Hack: A SQL Injection, a Firewall Bypass, and an AI That Did It All
Carroll’s story began simply enough. He was considering attending Electric Daisy Carnival, the massive electronic dance music festival held in his hometown of Las Vegas, and noticed that its ticketing was handled by a company called Front Gate Tickets.
When he checked other festivals’ websites out of curiosity, he found something striking: Front Gate, a subsidiary of Live Nation Entertainment (the same parent company as Ticketmaster), handles ticketing for practically every major US music festival — giving it an almost total monopoly on the sector. “This is like Ticketmaster but for music festivals,” Carroll recalls thinking. “They have the monopoly, essentially.”
As a web security specialist, Carroll began probing Front Gate’s domain for vulnerabilities. He quickly spotted what appeared to be a classic SQL injection flaw — a well-known type of vulnerability in which a hacker inputs database commands into a website’s text fields, causing them to execute on the backend and potentially expose stored data. The problem was that Front Gate had a web application firewall in place that appeared to be blocking his attempts to exploit it.
So Carroll turned to Claude Opus 4.7 — Anthropic’s most advanced publicly available model at the time — and asked it to find a way through. The result was immediate and startling. “It was the first time, really, that I had a vulnerability that I didn’t fully understand,” Carroll told WIRED. “I had to go back and read what Claude had written to understand the bypass, because I didn’t write it. Claude did it completely by itself.”
What Claude had devised was a nested SQL query technique — a SQL command embedded within another SQL command — that evaded the firewall’s detection entirely. The AI then wrote a complete script that pulled sample data from a table of 500 exposed databases containing customer information.
In total, Carroll believes the vulnerability would have given any attacker access to the personal data of millions of customers — including names, email addresses, and mailing addresses (though not credit card details) — as well as the data of Front Gate’s own staff.
With access to staff data, Carroll’s path to full system control opened rapidly. He located a super-administrator account, triggered a password reset, and — crucially — found that the reset confirmation code sent to the administrator’s email was stored in the site’s own accessible backend.
He retrieved it, confirmed the reset, set a new password, and took over the super-administrator account completely. From there, he was looking at the most expensive tickets available for Bonnaroo and adding $4,000 Platinum VIP passes to a shopping cart as complimentary tickets. “It seems like you could do that for every single event that you wanted to,” he said. He stopped short of actually completing an order, concerned about crossing into fraud territory.
🎟️ Watch: Hacker Used Claude to Break Into Music Festival Tickets Website
The Aftermath: Patched in 24 Hours, But Questions Remain
Carroll reported his findings directly to Front Gate, which patched the vulnerability within 24 hours and issued a statement thanking him for the responsible disclosure. “This was resolved within 24 hours, and we can confirm there is no evidence of exploitation, ticket impact, or compromise of customer information,” the company stated, characterising the incident as “a successful collaboration.”
Front Gate also argued that its security safeguards would have limited personal data exposure, that staff account changes trigger internal alerts, that fraudulently issued tickets would leave an audit trail, and that many high-value and VIP tickets require RFID wristbands that cannot be generated through the online system — making them harder to exploit even if the bug had been abused.
Carroll disputes several of these claims. He says he successfully obtained super-administrator privileges without triggering any visible response from the company, and that he accessed the system through a public-facing login portal — directly contradicting Front Gate’s framing of the vulnerability as limited to an internal API.
He also noted the absence of two-factor authentication on administrator accounts, meaning that even without the SQL injection vulnerability, anyone who obtained a staff member’s password could log in and issue tickets freely. “There’s just this one centralised company issuing all tickets for every single festival,” Carroll observed. “And even without this vulnerability, if you knew someone’s password, you could just log in without any verification and issue free tickets.”
Perhaps the most sobering takeaway from the entire episode is Carroll’s own assessment of how easily Claude accelerated the discovery process. “I think there’s a very good chance it could have found this exploit end-to-end without me doing anything at all,” he said.
Anthropic, for its part, defended the Cyber Verification Program as a mechanism specifically designed to support responsible security research, stating that if Carroll had not been part of the programme, “his use of Claude to hack Front Gate’s systems would have been detected and blocked.”
The incident is, in Carroll’s own words, a window into how much of the modern web is held together by what amounts to “duct tape and prayers” — and a preview of how dramatically AI is about to change the economics of finding those fragile seams. 🔐🎶
Quick Links:
