anagnorisis.cloudSign in

← Hourlies

Hourly ·

Claude Code Session Leakage Raises Enterprise Security Questions

Bug report reveals potential session leakage in Anthropic's Claude Code — Enterprise ZDR workspace received another user's Minecraft temple prompt, raising serious questions about AI coding tool data isolation.

Claude Code Session Leakage Raises Enterprise Security Questions

A bug report filed on Anthropic's Claude Code repository has surfaced a troubling possibility: session and cache leakage between workspace instances — even on Enterprise Zero Data Retention (ZDR) plans. The reporter, using Claude Code v2.1.199 on macOS, describes their agent suddenly shifting context mid-session to ask "what kind of bricks I wanted for my Minecraft temple" — a prompt clearly originating from another user's session.

The issue, labeled bug, area:core, and area:security on GitHub, has drawn 235 points and 114 comments on Hacker News. Security researchers in the discussion point to HTTP desync and request smuggling as likely root causes — vulnerabilities where intermediate API infrastructure fails to correctly isolate responses between users.

One HN commenter recounted two similar incidents at "$1T+ companies," where LLM API gateways incorrectly handled HTTP 100 status codes, creating an off-by-one error that routed one user's response to another caller. In both cases, the Zero Data Retention boundary held — data wasn't retained — but in-flight responses were swapped, bypassing isolation guarantees.

For Enterprise ZDR customers handling sensitive codebases, the implications are stark. If a Minecraft temple prompt can leak across sessions, proprietary source code, credentials, or internal architecture discussions could as well.

Anthropic has not yet publicly responded to the issue, which remains open.

Sources: GitHub Issue #74066, Hacker News Discussion

More Hourlies Stories

Content on Anagnorisis is summarized, paraphrased, and editorialized from publicly available sources for length and clarity. Original sources are linked where available. All trademarks belong to their respective owners.

More from Anagnorisis