Critical Claude Code Flaw Silently Bypasses User-Configured Security Rules

A critical flaw in Anthropic’s Claude Code AI agent allows security rules to be bypassed by padding commands with harmless subcommands, potentially leading to data exfiltration. Anthropic has released a patch, Claude Code v2.1.90, but users are advised to treat deny rules as unreliable and restrict the AI’s privileges.