Claude Code Session Leakage Raises Enterprise Security Questions
Bug report reveals potential session leakage in Anthropic's Claude Code — Enterprise ZDR workspace received another user's Minecraft temple prompt, raising serious questions about AI coding tool data isolation.
A bug report filed on Anthropic's Claude Code repository has surfaced a troubling possibility: session and cache leakage between workspace instances — even on Enterprise Zero Data Retention (ZDR) plans. The reporter, using Claude Code v2.1.199 on macOS, describes their agent suddenly shifting context mid-session to ask "what kind of bricks I wanted for my Minecraft temple" — a prompt clearly originating from another user's session.
The issue, labeled bug, area:core, and area:security on GitHub, has drawn 235 points and 114 comments on Hacker News. Security researchers in the discussion point to HTTP desync and request smuggling as likely root causes — vulnerabilities where intermediate API infrastructure fails to correctly isolate responses between users.
One HN commenter recounted two similar incidents at "$1T+ companies," where LLM API gateways incorrectly handled HTTP 100 status codes, creating an off-by-one error that routed one user's response to another caller. In both cases, the Zero Data Retention boundary held — data wasn't retained — but in-flight responses were swapped, bypassing isolation guarantees.
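The class of bug that commenter describes, as an added example (not code from the bug report, Anthropic, or any gateway vendor): a gateway that pairs upstream responses to callers in order and counts an interim `100 Continue` as a final response, beside the corrected pairing. Function names and the byte stream are constructed, and this models only the general failure mode, not an established root cause of the reported issue.

```python
# Added illustration: a gateway pairing upstream responses to callers in FIFO order.
# Function names and the byte stream are constructed for this example.

def parse_responses(stream: bytes):
    """Yield (status, body) for each HTTP/1.1 response in a keep-alive byte stream."""
    pos = 0
    while pos < len(stream):
        head_end = stream.index(b"\r\n\r\n", pos)
        lines = stream[pos:head_end].split(b"\r\n")
        status = int(lines[0].split()[1])
        headers = {}
        for line in lines[1:]:
            key, _, value = line.partition(b":")
            headers[key.strip().lower()] = value.strip()
        pos = head_end + 4
        # 1xx, 204 and 304 responses never carry a body.
        bodiless = status < 200 or status in (204, 304)
        length = 0 if bodiless else int(headers.get(b"content-length", b"0"))
        yield status, stream[pos:pos + length]
        pos += length

def route(stream: bytes, callers, skip_interim: bool):
    """Pair responses with waiting callers in request order.

    Returns (delivered, leftover); leftover responses stay buffered on the
    connection and would be handed to whoever uses it next.
    """
    delivered, leftover, queue = {}, [], list(callers)
    for status, body in parse_responses(stream):
        if skip_interim and status < 200 and status != 101:
            continue  # interim response: the final one for this request follows
        if queue:
            delivered[queue.pop(0)] = (status, body)
        else:
            leftover.append((status, body))
    return delivered, leftover

def resp(status: int, reason: str, body: bytes = b"") -> bytes:
    head = f"HTTP/1.1 {status} {reason}\r\n"
    if status >= 200:
        head += f"Content-Length: {len(body)}\r\n"
    return head.encode() + b"\r\n" + body

# Constructed upstream stream: caller A's request drew a 100 Continue, caller B's did not.
STREAM = (resp(100, "Continue") + resp(200, "OK", b"completion-for-A")
          + resp(200, "OK", b"completion-for-B"))

buggy, stale = route(STREAM, ["A", "B"], skip_interim=False)  # B receives A's completion
fixed, clean = route(STREAM, ["A", "B"], skip_interim=True)   # each caller gets its own
```

In the buggy run `stale` still holds B's completion, buffered for whoever uses the connection next. Unread bytes on a pooled connection at the moment it is returned to the pool are a practical signal to alert on and to close the connection.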
For Enterprise ZDR customers handling sensitive codebases, the implications are stark. If a Minecraft temple prompt can leak across sessions, proprietary source code, credentials, or internal architecture discussions could as well.
Anthropic has not yet publicly responded to the issue, which remains open.
Sources: GitHub Issue #74066, Hacker News Discussion
Hourlies · 2026-07-04 20:00 UTC
Content on Anagnorisis is summarized, paraphrased, and editorialized from publicly available sources for length and clarity. Original sources are linked where available. All trademarks belong to their respective owners.

