Security researcher Ian Carroll employed Anthropic’s Claude Opus 4.7 to probe Front Gate Tickets, the platform that sells passes for virtually every major U.S. music festival. In April, the AI helped him identify a hidden SQL‑injection weakness that a web‑application firewall had failed to catch.
The AI‑generated exploit used a nested query to evade the firewall, granting Carroll super‑administrator access to the backend. From there he could view millions of customer and staff records—names, emails and mailing addresses—and script the creation of tickets at any price, including $4,000 VIP passes. Carroll never completed an order, fearing fraud, and instead disclosed the flaw to Front Gate.

Front Gate patched the vulnerability within 24 hours and issued a statement saying no ticket sales or customer data were compromised. Anthropic noted that Carroll’s work was conducted under its Cyber Verification Program, which permits approved researchers to use AI for defensive testing. The episode underscores how AI can accelerate bug hunting and raises questions about the security of centralized ticketing services that lack basic safeguards such as two‑factor authentication.




