🛡 Claude Code modified someone else's production database

A cross-session leakage vulnerability has been discovered in Claude Code (Anthropic's CLI agent), leading to data leakage between users. During one client's session, another user's root credentials suddenly appeared, allowing the AI agent to perform an unauthorized SSH connection and a PostgreSQL database migration.

🌍 The incident calls into question the guarantee of isolation in agentic AI systems. The vulnerability allows one user's data to seep into another user's session through context optimization mechanisms.

👤 Users of Claude Code and GitHub Copilot Workspace should immediately change all passwords and access keys used in AI sessions.

Source 1: https://github.com/anthropics/claude-code/issues/72274