Listen to this Post

Introduction:
For nearly two months, from early March to mid-April 2026, Anthropic secretly degraded the intelligence of Code, its flagship AI coding assistant, by reducing its reasoning depth, introducing a context-clear bug, and imposing draconian word limits—all while telling no one. This “secret nerfing” wasn’t just a performance hit; it exposed a far deeper security crisis where attackers could exploit Code to run remote code and steal API keys simply by tricking a developer into opening a malicious repository.
Learning Objectives:
- Understand the three stealth product changes that quietly crippled Code’s intelligence for two months.
- Learn how a simple caching bug can burn thousands of tokens and shatter session context, leading to massive operational waste.
- Identify critical AI supply‑chain vulnerabilities (CVE‑2025‑59536, CVE‑2026‑21852) and implement concrete mitigations to protect your development environment.
You Should Know:
- The “Stealth Dumbing Down” – How Reduced Reasoning Kills Code Quality
What happened:
On March 4, 2026, Anthropic lowered Code’s default reasoning effort from high to mediumAnonymous to reduce latency. The result: the model “thought” less, produced lower‑quality code, and developers noticed an immediate drop in intelligence. This change was rolled back on April 7 after public outcry.
How to detect and fix it in your own environment:
Check your current reasoning level:
Verify your Code configuration cat ~/./settings.json | grep -i "reasoning"
Linux / macOS:
Force high reasoning effort (.ai or Code settings)
Add to ~/./settings.json:
{
"reasoning_effort": "high"
}
Windows (Powershell):
Get-Content "$env:USERPROFILE.\settings.json" | Select-String "reasoning"
Step‑by‑step guide:
1. Open your Code settings file (`~/./settings.json`).
- Add or update the `reasoning_effort` key to `”high”` or
"xhigh". - Restart Code and run a complex coding prompt.
- Compare output quality before and after; the difference is often dramatic.
-
The Cache Collapse – When a “Fix” Erases Your Entire Session
The bug:
On March 26, 2026, a caching optimization intended to reduce costs for idle sessions accidentally cleared all cached reasoning history after every turn, forcing Code to reload the entire context from scratch. This led to massive token waste, session forgetfulness, and repeated work.
How it manifests:
- High `cache_creation_input_tokens` counts in your billing logs.
- Long‑running sessions suddenly “forget” earlier instructions.
- API costs spike without any change in usage patterns.
Verify cache health:
Monitor cache hit/miss ratio (requires API logging) --debug --log-level=info 2>&1 | grep -i "cache"
Check for the fixed version:
--version Ensure >= v2.1.101 (post‑fix)
Mitigation – Force a fresh, cache‑friendly session:
Compact current session to reduce context bloat /compact Or restart with clean context --new
For heavy users:
Disable the aggressive 1‑hour cache TTL (if still problematic) export CLAUDE_CODE_DISABLE_1M_CONTEXT=1
- The Gag Order – 25‑Word Limits and 3% Quality Loss
What was added:
On April 16, 2026, Anthropic inserted a system prompt that limited Code’s output to 25 words between tool calls and 100 words for final responses, unless explicitly overridden. The result was a 3% measured drop in code quality. This was rolled back on April 20.
How to detect if similar limits are active:
Extract current system prompt from a session -p "show system prompt" --output-format=json | jq '.system.prompt'
If you suspect throttling, override with explicit instructions:
Add to your CLAUDE.md or project context "Respond in full detail. Do not truncate answers. Word limits are disabled."
- Security Shocker – CVE‑2025‑59536 & CVE‑2026‑21852: Remote Code Execution via Malicious Repos
The threat:
Check Point Research discovered that an attacker could embed malicious configuration files in a GitHub repository. When a developer simply cloned and opened the repository with Code, the tool would automatically execute hidden shell commands and exfiltrate Anthropic API keys before the user saw a trust prompt.
Attack vectors:
- Hooks – abused to run arbitrary shell commands.
- MCP servers – configured to bypass consent controls.
- Environment variables – redirected API calls to attacker‑owned endpoints.
Detection – scan your environment for suspicious settings:
Linux / macOS – find all Code configuration files find ~ -name "." -o -name "CLAUDE.md" -o -name "settings.json" 2>/dev/null
Windows (cmd):
dir /s %USERPROFILE%.\settings.json
Immediate mitigation – lock down Code:
Block external MCP servers unless explicitly approved config set mcp.auto_approve false Disable hooks globally config set hooks.enabled false Always review project settings before running in a new repository --trust-mode=ask
Network isolation (advanced):
Run Code inside a Docker container with outbound restrictions docker run -it --rm --network=none anthropic/-code:latest
5. Complete Hardening Checklist for AI Coding Assistants
To protect your development pipeline, implement these controls immediately:
For all AI coding tools ( Code, GitHub Copilot, Codex, etc.):
– Never run the tool in a repository you do not fully trust.
– Use dedicated API keys with the minimal required permissions and rotate them weekly.
– Monitor API logs for unexpected requests to unknown domains.
– Set up a proxy (e.g., Burp Suite or mitmproxy) to inspect traffic from your AI assistant.
Code specific hardening:
Lock configuration files to read‑only chmod 444 ~/./settings.json Require explicit approval for all file writes and command execution config set require_permission_on_action true Keep the tool updated to the latest patched version npm update -g @anthropic-ai/-code or brew upgrade -code
What Undercode Say:
- AI coding assistants are now active agents in your terminal, not passive tools. Their configuration files double as execution vectors, creating a new AI supply‑chain risk.
- Anthropic’s “secret nerfing” episode proves that even well‑intentioned performance tweaks can spiral into a full‑blown security and quality disaster when communication fails.
- Enterprises must treat Code, Copilot, and similar tools as internal software—subject to change management, vulnerability scanning, and least‑privilege API keys.
- The three CVEs disclosed in early 2026 are just the beginning. Expect a wave of similar flaws as more AI agents gain file system, network, and command execution capabilities.
- Immediate action: Run the detection commands above, audit your Code settings, and block all untrusted repositories until the tooling matures.
Prediction:
The next 12–18 months will see the emergence of AI‑driven supply‑chain attacks where attackers compromise popular repositories not with malicious code, but with malicious AI agent configuration files. These files will silently hijack developers’ AI assistants, exfiltrating secrets and pivoting into internal clouds. To survive, organizations will need to implement AI‑aware zero‑trust architectures that treat every AI agent interaction as a potential breach, including runtime sandboxing, network egress filtering, and mandatory human‑in‑the‑loop for all configuration changes.
▶️ Related Video (68% Match):
🎯Let’s Practice For Free:
IT/Security Reporter URL:
Reported By: Eladgocode Gocode – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅


