[ARTICLE · art-47993] src=github.com ↗ pub= topic=ai-safety verified=true sentiment=↓ negative

Potential session/cache leakage between workspace instances or consumer accounts

A bug report filed on Anthropic's Claude Code repository describes a potential session or cache leakage between workspace instances or consumer accounts, where an authenticated Enterprise ZDR user's agent began referencing unrelated content (a Minecraft temple) from another session. The issue raises serious security concerns about data isolation in enterprise workspaces.

Published: Jul 4, 2026 · 1 min read


Labels: area:core, area:security, bug (Something isn't working), platform:macos (Issue specifically occurs on macOS)

Description

Bug Description

Apparent session leakage, despite being authenticated to Enterprise ZDR workspace. Agent suddenly started asking me what kind of bricks I wanted for my Minecraft temple and confidently asserted in its recap that it's building a Minecraft temple. I thought cache was isolated to workspace? Maybe one of my colleagues is building a Minecraft temple. That's one way to spend your token allowance, I suppose. Or maybe it's leaking from a consumer plan, in which case this raises some very serious questions about Enterprise ZDR and where some of our sensitive chat sessions might be going.

Environment Info

  • Platform: darwin
  • Terminal: Apple_Terminal
  • Version: 2.1.199
  • Feedback ID: f336f5d2-3992-4a04-9e1f-ec30f006f75e

Errors

[]

Maybe relevant: I'm doing something kind of weird. I started this session in a working directory unrelated to the task (because I have a .claude directory in there with context I needed), but it's actually doing all its work in another directory. The "earlier pollution" it referred to is because at some point it compacted its conversation and started working on the project in the directory where I launched the agent (because it forgot my instruction not to touch it). That was less surprising and obviously caused by my own setup. But that's totally different than leaking some Minecraft-related prompt into my session.
