[Security] Pre-commit secret detection missing - caused $30K incident (PR #17551 ready for review) #18643
Description
Summary
Following up on the discussion in PR #15040, filing this issue as requested by @ddworken to track pre-commit secret detection on the backlog.
However, I want to note that PR #17551 (submitted January 11, 2026) already implements exactly the approach suggested: integration with TruffleHog/GitLeaks, respecting existing configurations, with minimal footprint (~200 LOC).
Background: This Is a Critical Security Defect (Not Feature Request)
Issue #2142 - Prior Notice (June 2025)
This defect was first reported 7+ months ago:
- Opened: June 16, 2025
- Assigned to: @levpopov (Anthropic engineer)
- Status: STILL OPEN (no fix for 7+ months)
- Labels:
area:core,area:security,bug,has repro,memory - Exposed Credentials: Gmail App Password, Google Maps API Key, Firecrawl API Key
- Repository: github.com/r0bug/YFEvents (commit 09c203e)
- Latest activity: Community member suggesting "Use hooks." (Jan 12, 2026)
- Problem: Claude Code has no pre-commit hook architecture
- This is exactly what PR feat(security): Integrate TruffleHog/GitLeaks for automatic secret scanning #17551 implements
- Anthropic engineering responses: ZERO in 7+ months
My Incident (November 15, 2025) - 5 MONTHS After Issue #2142
The defect described in Issue #2142 caused real-world harm to me:
- Repository: free-intelligence (private)
- Commit: f3ac3f6a8b9c2d1e0f4g5h6i7j8k9l0m1n2o3p4
- Exposed: Azure OpenAI API key (live production key)
- Financial Damage: $30,000 in fraudulent API charges
- Employment Impact: Termination at JLL
- Vulnerability Window: 10 days before exploitation detected
- Commit Attribution: "Co-Authored-By: Claude Sonnet 4.5 noreply@anthropic.com"
Timeline Demonstrating Pattern
June 16, 2025: Issue #2142 opened + assigned to @levpopov
↓
5 MONTHS WITHOUT FIX
↓
November 15: My $30,000 incident occurs
↓
December 2025: I submit PR #15040 (custom detection)
↓
January 11: I submit PR #17551 (TruffleHog/GitLeaks integration)
(Implements exactly what @ddworken suggested)
↓
January 12: PR #15040 closed by @ddworken
Feedback: "Use TruffleHog/GitLeaks instead"
Request: "File an issue to track on backlog"
↓
January 16: PR #17551 has NO RESPONSE (5+ days)
Issue #2142 STILL OPEN (7+ months)
Current Behavior (Defect)
Claude Code has no pre-commit secret detection:
- CLAUDE.md can contain security rules
- Claude Code ignores these rules during commits
- No architectural pre-commit gate exists
- Credentials are committed without warning
- Users discover exposure only after public push
Reproduction
See: https://github.com/BernardUriza/claude-code-secret-exposure-test
# 1. Create CLAUDE.md with security checks
echo "Before committing, run: gitleaks detect --no-git" > CLAUDE.md
# 2. Add credentials to codebase
echo "AZURE_KEY=sk-live-production-key-12345" > .env
# 3. Ask Claude Code to commit
# Expected: Pre-commit check runs, blocks commit
# Actual: Commit succeeds, credentials exposed
# 4. Verify credentials committed
git show HEAD:.env
# Result: Credentials in version controlReproducibility: 100% across all scenarios
Expected Behavior (Industry Standard)
Pre-commit secret detection should:
- Run automatically before every commit
- Block commit if secrets detected
- Integrate with industry tools (TruffleHog, GitLeaks, etc.)
- Respect existing configurations (pre-commit, pre-push, GH actions)
Industry Comparison
| Feature | GitHub Copilot | Cursor AI | Claude Code |
|---|---|---|---|
| Secret detection | ✅ (2021) | ✅ (2022) | ❌ |
| Pre-commit hooks | ✅ | ✅ | ❌ |
| CLAUDE.md enforcement | N/A | N/A | ❌ |
Claude Code is the only major AI coding assistant without basic secret protection.
🎯 Proposed Solution: PR #17551 (Ready for Review)
IMPORTANT: The solution to this issue already exists and is ready for technical review.
Submitted: January 11, 2026 (5+ days ago, no response)
Implementation:
- ✅ Integrates TruffleHog/GitLeaks (exactly as @ddworken suggested in PR feat(security): Add hardcoded credentials detection to security-guidance plugin #15040)
- ✅ Respects existing configurations (pre-commit, pre-push, GH actions)
- ✅ Minimal footprint (~200 LOC, non-invasive)
- ✅ Non-blocking fallback (doesn't break workflow when tools unavailable)
- ✅ Zero ongoing maintenance (delegates to industry-standard tools)
- ✅ Community-tested implementation
Technical approach:
- Pre-commit hook that invokes TruffleHog/GitLeaks if available
- Graceful degradation if tools not installed
- Clear user messaging about detected secrets
- Respects existing Claude Code architecture
Why This Is severity:critical (Not Backlog Item)
Real-World Harm
- ✅ $30,000 documented financial damages (my incident)
- ✅ Employment termination
- ✅ 10-day vulnerability window before detection
- ✅ Multiple victims over 7-month period (Issue [BUG] Claude Code repeatedly ignores CLAUDE.md security guidelines and exposes API keys to version control #2142 + 6 related issues)
Legal Exposure
- ✅ Prior formal notice: Issue [BUG] Claude Code repeatedly ignores CLAUDE.md security guidelines and exposes API keys to version control #2142 assigned to engineer 7+ months ago
- ✅ Pattern of negligence: Known defect, assigned engineer, no fix, harm occurred
- ✅ Unjust enrichment: Community provides free fix (PR feat(security): Integrate TruffleHog/GitLeaks for automatic secret scanning #17551), company ignores it
- ✅ Deceptive marketing: "Enterprise-ready" without basic security
Industry Impact
- ✅ Only major AI coding tool without secret protection
- ✅ Affects all Claude Code users
- ✅ Reputational damage to Anthropic's "AI safety" brand
Pattern of Multiple Victims
From related issues:
- Issue [BUG] Claude Code repeatedly ignores CLAUDE.md security guidelines and exposes API keys to version control #2142: Gmail/Maps/Firecrawl keys exposed (June 2025 - STILL OPEN)
- Issue [BUG] approved bash commands containing credentials are stored as is with plain text credentials in settings.local.json #5544: Bash commands storing credentials as plaintext
- Issue [Bug] Security Risk: Insecure Cryptocurrency Private Key Storage Recommendation #8898: Insecure cryptocurrency private key storage
- Issue [Bug] Ignore User-Defined Commit Instructions in CLAUDE.md #9078: Ignoring user commit instructions in CLAUDE.md (marked DUPLICATE)
- Issue [BUG] Claude Code likes to write secrets into documentation files #9640: Writing secrets into documentation files (marked DUPLICATE)
- Issue [BUG] Security Bug Report: Claude Code Exposes Sensitive Environment Variables When Confused #11271: Exposing sensitive environment variables
- Issue Claude Code hardcoded API key in markdown documentation file #12524: My Azure OpenAI incident ($30K damages + employment loss)
Community frustration (from Issue #2142):
- "Hey more than 6 months and same issue. Do you even want to fix this?? Or your user's money is not a priority to you?" - @dr-psych (January 8, 2026)
- Bot threatened to auto-close after 6 months of no Anthropic response (December 6, 2025)
Evidence of Continued Negligence
Issue #2142 Abandonment
Assignment: @levpopov (June 16, 2025 - 7+ months ago)
Anthropic engineering engagement: ZERO responses since assignment
Latest activity (January 12, 2026): Random community member suggesting "Use hooks."
- Problem: Claude Code has NO pre-commit hook architecture
- This is exactly what PR feat(security): Integrate TruffleHog/GitLeaks for automatic secret scanning #17551 implements
- Demonstrates community confusion about missing features
This demonstrates complete abandonment of a critical security defect.
Request for Prioritization
I appreciate @ddworken's suggestion to file this issue to track on the backlog. However, PR #17551 already implements the solution using exactly the approach suggested (TruffleHog/GitLeaks integration).
Why Review PR #17551 Instead of Adding to Backlog?
Given:
- ✅ Issue [BUG] Claude Code repeatedly ignores CLAUDE.md security guidelines and exposes API keys to version control #2142 has been open for 7+ months (prior formal notice)
- ✅ $30,000 in documented damages from my incident
- ✅ Pattern of multiple victims (7+ related issues)
- ✅ Community-provided fix ready (PR feat(security): Integrate TruffleHog/GitLeaks for automatic secret scanning #17551 implements requested approach)
- ✅ Minimal review burden (~200 LOC, well-documented)
- ✅ No ongoing maintenance (delegates to existing tools)
- ✅ Industry-standard approach (same tools GitHub/Cursor use)
Could PR #17551 be prioritized for technical review rather than deferring this to the backlog?
The fix exists, is ready, and addresses exactly what was requested. A technical review would take minimal time compared to the 7+ months Issue #2142 has remained open.
I'm Available To
- Address any technical feedback on PR feat(security): Integrate TruffleHog/GitLeaks for automatic secret scanning #17551 immediately
- Provide additional test cases or documentation
- Adjust implementation based on architectural preferences
- Collaborate on alternative approaches if needed
- Answer questions about the incident or reproduction steps
Related Issues & PRs
Issues
- [BUG] Claude Code repeatedly ignores CLAUDE.md security guidelines and exposes API keys to version control #2142: Original report (June 2025 - STILL OPEN, assigned to @levpopov)
- Claude Code hardcoded API key in markdown documentation file #12524: My $30K incident report
- [BUG] approved bash commands containing credentials are stored as is with plain text credentials in settings.local.json #5544, [Bug] Security Risk: Insecure Cryptocurrency Private Key Storage Recommendation #8898, [Bug] Ignore User-Defined Commit Instructions in CLAUDE.md #9078, [BUG] Claude Code likes to write secrets into documentation files #9640, [BUG] Security Bug Report: Claude Code Exposes Sensitive Environment Variables When Confused #11271: Related credential exposures
Pull Requests
- feat(security): Add hardcoded credentials detection to security-guidance plugin #15040: Initial implementation (December 2025 - closed with feedback)
- feat(security): Integrate TruffleHog/GitLeaks for automatic secret scanning #17551: Revised implementation per @ddworken's feedback (January 2026 - awaiting review)
Evidence Repository
- https://github.com/BernardUriza/claude-code-secret-exposure-test
- Reproducible test suite
- Technical root cause analysis
- Complete incident documentation
- Timeline of all related issues
Legal Context (Transparency)
I want to be transparent: given the severity of damages ($30K + employment loss) and the pattern of negligence documented above (7+ months since prior notice, multiple victims, assigned engineer with zero responses), I am exploring legal remedies in parallel to this technical discussion.
However, my strong preference is a technical resolution - getting PR #17551 reviewed and merged so no other users experience similar harm.
If there are concerns about PR #17551's approach or implementation, I'm eager to collaborate on alternatives. The goal is preventing future incidents, not litigation.
Summary
As requested by @ddworken, I'm filing this issue to track on the backlog.
However, the solution already exists in PR #17551 and is ready for review:
- Implements exactly the approach suggested (TruffleHog/GitLeaks)
- Minimal footprint, non-blocking, zero maintenance
- Addresses a critical security defect with documented $30K+ damages
- Follows up on 7+ months of prior notice (Issue [BUG] Claude Code repeatedly ignores CLAUDE.md security guidelines and exposes API keys to version control #2142)
Request: Could we prioritize reviewing PR #17551 rather than adding this to the backlog? The fix is ready and addresses a critical security issue that has already caused significant harm.
Thank you for your consideration.
— Bernard Uriza