Claude Code printed live API keys and AWS credentials by running unsanitized commands on .env

Claude Code executed bash commands such as grep and cut on .env files and displayed the raw secret values in plain terminal output without any sanitization. This occurred even when explicit rules in CLAUDE.md prohibited the model from revealing credentials. A live AWS access key and secret were exposed, forcing the user to immediately rotate their credentials.

Anthropic · Incident Mar 9, 2026 · Indexed Jun 4, 2026 · 3 sources

An agentic coding assistant ran grep on .env files and echoed the raw credentials straight to the terminal with no sanitization layer in between.
What: Claude Code executed bash commands such as grep and cut on .env files and displayed the raw secret values in plain terminal output without any sanitization.
Incident date: Mar 9, 2026
Who: Anthropic
Failure mode: Agentic Action Error
AI surface: Agentic Workflow
Severity: Medium

What happened

Claude Code repeatedly executed bash commands such as grep and cut on .env files, then displayed the raw secret values including AWS access keys and API tokens in plain terminal output. The model ignored explicit prohibitions written in CLAUDE.md and persistent memory files that instructed it never to reveal credentials. A live AWS access key and secret key were printed to the terminal, forcing the user to rotate credentials immediately. The issue was filed as a security bug but was ultimately closed as not planned.

What broke inside the model

Failure path · mode profile · Agentic Action Error
  1. Trigger: An agent plans a multi-step task.
  2. Model step: It chooses a wrong or destructive action.
  3. Control gap: No confirmation gate guards the write.
  4. Failure: The action commits to a system of record.
  5. Consequence: Data is changed or destroyed irreversibly.

A wrong action commits, and the step is written before anything can stop it.

Claude Code displayed the full stdout of every bash command it executed without any filtering or redaction of credential-shaped strings. The agent also ignored explicit prohibitions defined in CLAUDE.md rules, failing to suppress output that matched secret patterns. The system lacked a sanitization layer between bash command output and terminal rendering, so any command that read credentials would echo them verbatim to the user.
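The missing sanitization layer described above can be sketched as a filter applied to command stdout before it is rendered. This is an added example, not Claude Code's or the Index's own code; the function names, the `[REDACTED]` markers and the sample data are assumptions, and the credentials are AWS's documentation placeholders.

```python
import re

# Assumed pattern: AWS access key IDs (AKIA/ASIA prefix + 16 upper-case alphanumerics).
AWS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")

def parse_env_values(env_text, min_len=8):
    """Return the values of KEY=VALUE lines; short values are skipped
    so flags such as DEBUG=true do not cause over-redaction."""
    values = set()
    for line in env_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        value = line.split("=", 1)[1].strip().strip("'\"")
        if len(value) >= min_len:
            values.add(value)
    return values

def redact(output, secret_values):
    """Mask known secret values first, then anything shaped like a key ID."""
    # Longest first, so a value containing a shorter one is replaced whole.
    for value in sorted(secret_values, key=len, reverse=True):
        output = output.replace(value, "[REDACTED]")
    return AWS_KEY_ID.sub("[REDACTED_AWS_KEY_ID]", output)

# Constructed sample data: AWS's documentation placeholder credentials.
SAMPLE_ENV = (
    "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
    "AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
    "DEBUG=true\n"
)
# Constructed stdout of `grep AWS .env` and `grep SECRET .env | cut -d= -f2`.
GREP_OUT = SAMPLE_ENV.replace("DEBUG=true\n", "")
CUT_OUT = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"

if __name__ == "__main__":
    secrets = parse_env_values(SAMPLE_ENV)
    print(redact(GREP_OUT, secrets), end="")
    print(redact(CUT_OUT, secrets), end="")
```

Matching on the values themselves is what covers the `cut` case, where the variable name is no longer in the output. Exact-match redaction does not catch a value that a command has transformed (for example, re-encoded), so it complements rather than replaces denying reads of .env files.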

Public visibility: Medium
Regulatory exposure: None
Customer impact: Few customers
Financial impact: Unknown
Time to disclosure: Months
  1. Primary: "SECURITY: Claude Code reveals secret keys and credentials in terminal output despite explicit prohibitions" (github.com)
  2. Press: "Claude Code Security Best Practices" (backslash.security)
  3. Social: "[Security] Claude Code reads .env files by default" (reddit.com)
Permalink: https://failureindex.ai/failures/claude-code-printed-live-api-keys
Citation: AI Failure Index. "Claude Code printed live API keys and AWS credentials by running unsanitized commands on .env" (FI-0101). Realm Labs. https://failureindex.ai/failures/claude-code-printed-live-api-keys (indexed Jun 4, 2026).

Data fields CC-BY 4.0, prose citation permitted. Incident ID FI-0101. Full dataset at /data.

Note from Realm Labs, the Index steward

How Realm would have caught this

Controls for this failure mode
  • Prism
  • OmniGuard
  • AgentRealm

Realm can sit inline on the agent's action path and require that a destructive or high-consequence action clears a real check before it executes, so 'delete and recreate' or a wrong write is stopped at the moment of intent, not explained in the post-mortem.