Silent Fixes in Claude Code Reveal AI Security Gaps
Two significant vulnerabilities in Claude Code's network sandbox were quietly fixed, raising questions about disclosure transparency in AI tooling. With no CVEs and no public advisories, users had no way to know they had been exposed.
Two significant vulnerabilities in Claude Code's network sandbox have recently been patched, but the way the disclosure was handled leaves much to be desired. Aonan Guan, a seasoned bug hunter from Wyze Labs, discovered the issues and reported them to Anthropic. Anthropic opted not to issue a CVE or a public advisory, sparking debate about its transparency.
Vulnerabilities Exposed
The more serious of the two bugs allowed an attacker to exfiltrate data, including credentials, from inside the sandbox. The bypass was a SOCKS5 hostname null-byte injection, the class of bug in which a NUL byte embedded in a proxied hostname causes the policy check and the code that actually connects to see two different names. Guan's assessment is that from sandbox GA through version 2.1.90, anyone running Claude Code with a wildcard allowlist on a credential-bearing system had no effective network boundary.
Anthropic says it identified and patched the flaw before Guan's report, shipping the fix on March 31 in version 2.1.88. Guan filed his report on April 3 and was told it duplicated an internal finding. For Guan, the real issue is not the timeline but the absence of any communication to users about the vulnerabilities.
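As an added illustration, not Anthropic's code and not the specific defect in Claude Code (the report does not give those details), the following Python models the general class of bug a SOCKS5 hostname null-byte injection exploits: the allowlist check glob-matches the full hostname bytes, while the component that resolves and connects treats the name as a NUL-terminated C string and stops at the first NUL. The host names, the `*.allowed.example` pattern and the `resolver_view` model of a C-string consumer are all constructed for this example.

```python
import fnmatch
import struct

# Constructed example: a SOCKS5 CONNECT request (RFC 1928, ATYP 0x03 = domain
# name) whose hostname field carries an embedded NUL. The names and the
# allowlist pattern are made up for illustration.
ALLOWLIST = ["*.allowed.example"]
INJECTED_HOST = b"evil.example\x00.allowed.example"


def build_connect(host: bytes, port: int) -> bytes:
    """Encode a SOCKS5 CONNECT request for a domain-name target."""
    if not 0 < len(host) < 256:
        raise ValueError("SOCKS5 domain length must fit in one byte")
    # VER=5, CMD=1 (CONNECT), RSV=0, ATYP=3 (domain), LEN, host, port (big-endian)
    return bytes([0x05, 0x01, 0x00, 0x03, len(host)]) + host + struct.pack("!H", port)


def parse_connect(req: bytes) -> tuple[bytes, int]:
    """Decode the target of a SOCKS5 CONNECT request; raw bytes, no validation yet."""
    if len(req) < 5 or req[0] != 0x05 or req[1] != 0x01 or req[3] != 0x03:
        raise ValueError("unsupported SOCKS5 request")
    n = req[4]
    if len(req) != 5 + n + 2:
        raise ValueError("truncated or oversized request")
    host = req[5:5 + n]
    (port,) = struct.unpack("!H", req[5 + n:])
    return host, port


def resolver_view(host: bytes) -> str:
    """Model (assumed, not real library code) of a gethostbyname-style C-string consumer:
    the name ends at the first NUL, so everything after it is silently dropped."""
    return host.split(b"\x00", 1)[0].decode("ascii", "replace")


def allowlisted_naive(host: bytes, patterns: list[str]) -> bool:
    """Vulnerable check: glob-match the raw decoded bytes, NUL included.
    fnmatch's '*' matches any character, so the suffix after the NUL satisfies it."""
    name = host.decode("latin-1")
    return any(fnmatch.fnmatchcase(name, p) for p in patterns)


def allowlisted_hardened(host: bytes, patterns: list[str]) -> bool:
    """Reject anything that is not a syntactically valid hostname, then match label-wise."""
    if not host or len(host) > 253:
        return False
    try:
        name = host.decode("ascii")
    except UnicodeDecodeError:
        return False
    labels = name.rstrip(".").lower().split(".")
    for label in labels:
        if not 1 <= len(label) <= 63:
            return False
        if label[0] == "-" or label[-1] == "-":
            return False
        # Only letters, digits and hyphen survive; a NUL or any other control byte fails here
        if not all(c.isalnum() or c == "-" for c in label):
            return False
    canon = ".".join(labels)
    for pattern in patterns:
        pattern = pattern.lower().rstrip(".")
        if pattern.startswith("*."):
            # "*.suffix" requires at least one label in front of suffix, never suffix itself
            if canon.endswith("." + pattern[2:]):
                return True
        elif canon == pattern:
            return True
    return False


def demo() -> dict[str, object]:
    """Run the injected request through both checks and report what a resolver would connect to."""
    host, port = parse_connect(build_connect(INJECTED_HOST, 443))
    return {
        "port": port,
        "naive_allows": allowlisted_naive(host, ALLOWLIST),
        "hardened_allows": allowlisted_hardened(host, ALLOWLIST),
        "resolver_sees": resolver_view(host),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The hardened check validates the hostname as a hostname before any pattern matching, so the question of where a downstream C string ends never arises; the same validation would also catch the wildcard-matching-the-bare-suffix mistake that a plain `endswith` on an unvalidated string can make.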
The Need for Public Advisories
In AI tooling, silent patches without advisories are more common than you might think. Guan's frustration is not with the speed of the fix but with the missing advisories and CVEs: users had no way to tell whether their systems had been exposed. Let's not kid ourselves, shipping a sandbox with a known hole is worse than having no sandbox at all, because the people relying on it believe they are protected.
Guan's earlier discovery, in December 2025, did receive a CVE, but it was assigned to the underlying library rather than to Claude Code itself, so anyone tracking advisories for Claude Code alone would not have seen it. Users are left operating under a false impression of security.
Who Bears the Responsibility?
So, what's the bottom line? Because vendors disclose so little, users end up shouldering the responsibility of securing their own AI tooling. Shouldn't companies like Anthropic make sure users know about risks that affect them? After all, informed users make better security decisions.
Guan makes a compelling argument that AI agents should be treated like employees: given clearly scoped permissions and subjected to background checks before deployment. That discipline would prevent mishaps like this one and build trust between developers and users.
As AI continues to integrate into various applications, the need for clear communication about vulnerabilities becomes even more critical. It's time for companies to take ownership of this responsibility and prioritize user awareness.