RESEARCH

Researcher Used Claude to Uncover a Ticketing Flaw at Most US Festivals

J James Whitfield Jul 2, 2026 2 min read
Engine Score 8/10 — Important

tier-1 research

Editorial illustration for: Researcher Used Claude to Uncover a Ticketing Flaw at Most US Festivals
  • Security researcher Ian Carroll used Claude Opus 4.7 to find a technique giving full super-administrator access to Front Gate Tickets.
  • Front Gate — a Live Nation subsidiary, like Ticketmaster — handles ticketing for practically every major US music festival, including Lollapalooza, SXSW, and Austin City Limits.
  • The flaw exposed millions of customer and staff records and let him issue free tickets of any value to any event.
  • Carroll did not exploit it; he reported his findings to Front Gate.

What Happened

Security researcher Ian Carroll used Claude Opus 4.7 in April to discover a technique that gave him full access to the systems of Front Gate Tickets, Wired reports. Front Gate — a Live Nation Entertainment subsidiary, like Ticketmaster — handles ticketing for practically every major US music festival, from Lollapalooza and South by Southwest to Austin City Limits.

With Claude‘s help, Carroll found a bug he could exploit to reach millions of customer or staff records and freely issue tickets for any event, of any value.

Why It Matters

The case reframes AI-hacking risk away from science-fiction scenarios toward something far more plausible: AI-assisted discovery of real vulnerabilities in ordinary web systems. As models grow more capable at coding — Claude now writes about 4% of public GitHub commits — the same skill accelerates finding exploitable flaws, a dual-use concern behind calls to govern advanced AI capabilities.

Technical Details

Carroll used Claude Opus 4.7 to identify a website bug in Front Gate’s systems that granted super-administrator access. From there he could reach millions of records and issue tickets without limit. “It was pretty cool to see a ticket that’s $4,000, and I could just hit a button and issue as many as I wanted,” Carroll told Wired. “I could go to every single event with no limitations or restrictions … even if it’s sold out.”

Who’s Affected

Front Gate and parent Live Nation face a serious exposure of customer and staff data; festival-goers were the potential victims. The security-research community gains a concrete example of AI as a discovery accelerant. AI providers face renewed dual-use scrutiny, since the same agentic coding ability that assists developers also assists vulnerability hunting.

What’s Next

Carroll — who runs the startup Seats.aero and does independent security research — followed responsible disclosure, reporting the flaw rather than abusing it. The broader question is what happens as AI lowers the barrier to finding such bugs: whether defenders adopt the same tools fast enough, and whether every high-value web platform is now one capable model away from a similar finding.

Share

Enjoyed this story?

Get articles like this delivered daily. The Engine Room — free AI intelligence newsletter.

Join 500+ AI professionals · No spam · Unsubscribe anytime