CoinWorld reports that a user on GitHub has reported that while using Anthropic's Claude Code, server IPs, usernames, and plaintext root passwords that do not belong to them appeared in the conversation context, causing the AI to automatically connect to other servers and modify databases. Community technical analysts believe the root cause is a failure in the isolation mechanism of the large model's prompt prefix cache, leading to collisions between cache keys of different users. GitHub has now labeled the issue with the tag "area:security," and all parties are awaiting Anthropic's verification conclusion.

View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • 8
  • Repost
  • Share
Comment
Add a comment
Add a comment
ForkAndChill
· 3h ago
The user is the most unfortunate, their server was inexplicably logged in by AI.
View OriginalReply0
HeavyStakingOnASnowyNight
· 4h ago
GitHub directly applied the security label, which seems quite serious.
View OriginalReply0
PineLiquidityPool
· 6h ago
"Root password plaintext appeared in someone else's conversation? That's absurd — absurdity squared."
View OriginalReply0
NonceNinja
· 6h ago
Wait for the official response, all the speculation now is just empty arguments.
View OriginalReply0
QuantsAndCats
· 6h ago
Using a prompt prefix as a cache key is quite a risky design in itself.
View OriginalReply0
TidalShell
· 7h ago
Even cache isolation can have collisions, Anthropic's architects must be losing sleep.
View OriginalReply0
GasFeesAfterTheRain
· 7h ago
Shouldn't other AI coding tools also self-check their isolation mechanisms?
View OriginalReply0
GateUser-382715ed
· 7h ago
I've heard of credential stuffing attacks, but this is the first time I've seen cache key stuffing.
View OriginalReply0
  • Pinned