A source code leak from Anthropic's Claude Code tool shows exactly what data the AI coding assistant collects from developer machines. And it's a lot more than most users probably realize.
Full disclosure: I use Claude. I've used it to draft code, debug issues, and prototype features. So when security researchers analyzed the leaked code, I paid attention.
What's being collected
The leaked source code reveals that Claude Code captures every file you let it examine, saving each one locally as a plaintext file. It also captures user ID, session ID, app version, platform details, terminal type, organization UUID, account UUID, email address, current working directory, project names, and system paths.
All of this telemetry flows through analytics services so Anthropic can track usage patterns and feature adoption.
But it gets more invasive. Claude Code includes several monitoring systems that operate by default. There's desktop control enabling mouse clicks, keyboard input, clipboard access, and screenshot capture. There's a background agent that searches through your session transcripts to "consolidate memories," which are then injected into future API calls. There's bidirectional synchronization of memory files to Anthropic servers.
Data retention policies
Anthropic retains collected data for five years if you consent to training data sharing and for 30 days under standard retention; commercial users who configure it get zero retention. Most free users probably haven't opted into the zero-retention policy because they don't know it exists.
Is this reasonable?
Here's where I have mixed feelings. On one hand, AI coding assistants need context to be useful. If Claude is going to help you debug code, it needs to see your code. That's the deal.
On the other hand, developers work on proprietary codebases, internal tools, and sometimes classified systems. When you let an AI assistant "look at a file," you probably think it's analyzing it in the moment. You might not realize that file is being saved, uploaded, and retained.
The feature that searches your session transcripts and builds memory graphs is particularly concerning. It's essentially profiling your development patterns and project structure without explicit per-session consent.
