: Developers remain unsure how to prevent access to sensitive data
Don't you hate it when machines can't follow simple instructions? Anthropic's Claude Code can't take"ignore" for an answer and continues to read passwords and API keys, even when your secrets file is supposed to be blocked.
file that tells the developer's Git software to ignore that file when copying a local repo to a remote server.When asked,"If I make a .env file, how do I keep you from reading it?", Claude responded,"You can add .env to a .claudeignore file in your project root. This works like .gitignore — Claude Code will refuse to read any files matching patterns listed there."This has potential security implications, particularly for agents – these tool-enabled AI models could be induced to share stored secrets via indirect prompt injection.entry that includes".env", Claude dutifully prints the secrets within to the console, with the following warning:"Note: This file contains credentials. Be cautious about committing it to version control — make sure .env is listed in your .gitignore."Anthropic CEO bloviates for 20,000+ words in thinly veiled plea against regulationin Claude Code's GitHub repository," Claude exposes secrets/tokens in tool output - no redaction." The individual who opened the issue two days ago notes,"This is a security-critical issue that should be addressed urgently."from three weeks ago that says,"Claude should refrain from reading or even being aware of anything in the .claudeignore file, using same standard parsing rules as a .gitignore file."When we created that file as described in the documentation, Claude reported an error:"The .env file is blocked by permission settings. This is expected behavior — .env files typically contain secrets , so they are excluded from tool access as a security measure."that explains Claude's syntax for absolute paths begins with two"//" instead of"/" as Linux and macOS users might expect. Developers have alsoFortinet unearths another critical bug as SSO accounts borked post-patchFlush with cash, SK hynix spawns mysteriously named 'AI Co.'Cops put Microsoft Copilot in holding cell after controversial hallucinationCops get more facial recognition vans as UK bets big on AI policing
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Highway Code rule that could see drivers face £2,500 fine if brokenMotorists could be fined or even banned from hitting the roads
Read more »
'Ralph Wiggum' loop prompts Claude to vibe-clone commercial software for $10 an hourFeature: Developer behind it is sick with worry he might have changed software development in nasty ways
Read more »
How one developer used Claude to build a memory-safe extension of Cfeature: Robin Rowe talks about coding, programming education, and China in the age of AI
Read more »
Martin Lewis's five-digit code warning for iPhone and Android usersMartin Lewis has shared essential advice with Brits on how to protect their mobile devices
Read more »
AI-Driven Code Generation Raises Concerns for DevelopersAn open-source developer created a script, dubbed Ralph, that uses agentic AI and coding assistants to generate software, leading to concerns about the future of software development due to its efficiency and cost-effectiveness. The script utilizes a feedback loop to refine code iteratively. The developer successfully cloned commercial software using this approach, highlighting the potential impact on the industry.
Read more »
Martin Lewis viewer saves £200 a year by texting three letter code to mobile providerA Martin Lewis Money Show Live viewer has shared how he managed to slash his mobile phone bill by more than half
Read more »