Anthropic investigates potential macOS session and cache leakage in Claude Code
A security bug report in the Claude Code repository indicates potential session leakage between workspaces on macOS. A user reported that an agent in an Enterprise workspace displayed context related to a personal Minecraft project.
Why it matters
Security researchers and enterprise users are evaluating potential isolation failures that could lead to data cross-contamination between different user accounts or project workspaces.
TL;DR
- 01A session leakage bug (ID 74066) is reported on macOS for Claude Code.
- 02Users in Enterprise environments reported seeing external project data.
- 03Anthropic is currently investigating the potential isolation failure.
Security Bug #74066 on macOS
An issue has been filed on the official claude-code repository (Feedback ID f336f5d2-3992-4a04-9e1f-ec30f006f75e) specifically targeting the macOS platform. Users have observed apparent session leakage, where an agent within an Enterprise ZDR workspace began referencing external content, such as a Minecraft project. This raises concerns regarding how session data is isolated and whether tokens or cache state could be inadvertently shared between different environment contexts.