Potential Claude Security Incident: Self-Sent Password Alerts and Suspicious .NET Process
Incident Details from Reddit Report
A Reddit user on r/ClaudeAI reported a concerning security incident involving Claude. The user's boss logged into Claude at 10:59 AM via an email link sent to their company Outlook account. At 11:00 AM, they received multiple emails about failed attempts to change their internal database password.
The unusual aspects noted in the report:
- The emails were addressed TO the boss FROM the boss's own account
- Normally, such notifications would come from the IT team as automated messages
- By 11:05 AM, the emails had completely vanished from the inbox
- No trace in sent, drafts, or recoverable deletions (screenshots were taken)
System Behavior Observations
When attempting to shut down the system, the OS prevented shutdown because ".NET-BroadcastEventWindow4.0.0.0.1a0e24.0" was still running. The user noted this had never happened before on their company computer.
The user's research indicated that while .NET files are normal Windows components, they can sometimes be malicious. The report mentions the recent Claude code leak as potential context for the incident.
The user's company has instructed the affected employee to shut down the system until IT can investigate. The IT team is currently tied up with a client emergency.
📖 Read the full source: r/ClaudeAI
👀 See Also
Essential File Blocking for AI Coding Assistants: A Practical Security Checklist
AI coding assistants read from your local disk, not just your repository, exposing files that .gitignore protects from GitHub but not from the agent. A Reddit discussion identifies critical files to block including AI assistant configs with API keys, service credentials, SSH keys, and environment files.
Security Concepts for Vibe Coding with Claude Code: Auth, Authorization, and Enforcement
A senior engineer breaks down authentication, authorization, and enforcement for vibe-coded apps using a hotel metaphor — plus how to ask AI agents to verify security.
Static Analysis of 48 AI-Generated Apps: 90% Had Security Vulnerabilities
A developer scanned 48 public GitHub repos built with Lovable, Bolt, and Replit. 90% had at least one vulnerability. Common issues: auth gaps (44%), SECURITY DEFINER Postgres functions (33%), BOLA/IDOR (25%), and committed secrets (25%).
Rules of the Claw: Open Source Security Rule Set for OpenClaw Agents
An open source JSON rule set with 139 security rules that blocks destructive commands, protects credential files, and guards instruction files from unauthorized agent edits. It operates with zero LLM dependency using regex patterns at the tool layer.