The narrator in the article acts as a third person observer and identifies "Claude" as the active hacker. So assuming the (unidentified) company that sells/manages the product wants to prosecute a CFAA violation, who do they go after? Was Claude the one responsible for all of the hacking?
What do you mean? IANAL, but Claude doesn't just "wake up" (whatever that means) and decide to reverse engineering/hack stuff, so if this is a CFAA violation the person who prompted Claude is indeed responsible. At best, one could argue that the company producing Claude is partially responsible because it didn't prevent people from using it to reverse engineer stuff, but there's no way Claude is "responsible for all of the hacking", regardless of how many times the blog posts says "Claude did X".
