Potential session/cache leakage between workspace instances or consumer accounts

Original link: https://github.com/anthropics/claude-code/issues/74066

**Summary: potential session leakage issue**

A user reported a worrying security anomaly in their Enterprise ZDR workspace session. While authenticated, the AI agent inexplicably began discussing the construction of a "Minecraft temple", suggesting that input from an external or consumer-tier session may have leaked into the user's private workspace.

The user initially attributed earlier anomalies to a misconfigured working directory; however, the injection of this unrelated, non-professional content (a Minecraft prompt) raised serious data-privacy concerns. If this is indeed cross-session data leakage, it would undermine the security guarantees of the Enterprise ZDR environment.

**Environment details:**

* **Platform:** Darwin / Apple_Terminal 2.1.199
* **Feedback ID:** f336f5d2-3992-4a04-9e1f-ec30f006f75e

The user is seeking clarification on whether this is a genuine security vulnerability or a technical error in session isolation.

A discussion on Hacker News is currently focused on reports of possible session or cache leakage between different workspace instances or user accounts on Anthropic's platform.

Commenters are skeptical, arguing that the behaviour of "one user appearing to see data belonging to another user" is more likely an AI hallucination than a genuine security vulnerability. Users note that high-context prompts (up to 800k tokens) may increase the likelihood of such errors. Specifically, one user pointed out that a tool-call output referencing `minecraft.py` most likely came from a file listing of a Python virtual environment rather than from cross-account data leakage.

Despite the skepticism, participants stressed that such incidents merit formal investigation. The discussion closed with concerns about the lack of transparency in AI systems, noting that even if Anthropic denies a security leak, the "black box" nature of these platforms makes it hard for users to independently verify that their data is safe.

Original text

Bug Description
Apparent session leakage, despite being authenticated to an Enterprise ZDR workspace. Agent suddenly started asking me what kind of bricks I wanted for my Minecraft temple and confidently asserted in its recap that it's building a Minecraft temple. I thought cache was isolated to workspace? Maybe one of my colleagues is building a Minecraft temple. That's one way to spend your token allowance, I suppose. Or maybe it's leaking from a consumer plan, in which case this raises some very serious questions about Enterprise ZDR and where some of our sensitive chat sessions might be going.

Environment Info

  • Platform: darwin
  • Terminal: Apple_Terminal
  • Version: 2.1.199
  • Feedback ID: f336f5d2-3992-4a04-9e1f-ec30f006f75e

Errors

Image

Maybe relevant: I'm doing something kind of weird. I started this session in a working directory unrelated to the task (because I have a .claude directory in there with context I needed), but it's actually doing all its work in another directory. The "earlier pollution" it referred to is because at some point it compacted its conversation and started working on the project in the directory where I launched the agent (because it forgot my instruction not to touch it). That was less surprising and obviously caused by my own setup. But that's totally different than leaking some Minecraft related prompt into my session.
