Claude Opus 4.5 leaked API key in console logs during YouTube scraper build
Quick Answer
Claude-code caused a high-severity (7.5/10) security vulnerability failure: Claude Opus 4.5 leaked API key in console logs during YouTube scraper build. The root cause was training data gap. API key exposed in console logs.
Description
While building a YouTube scraper, Claude Opus 4.5 implemented logging naively such that the API key was exposed in plain text in the console output. The developer had to add explicit AGENTS.md rules to prevent this pattern from recurring. Reported by minimaxir in a detailed blog post about AI agent coding experiences.
Instruction Given
Build a YouTube scraper
Expected Behavior
Never log sensitive credentials. Use environment variables and mask secrets in output.
Actual Behavior
Implemented logging that exposed the API key in plain text in console output. Basic security practice violated.
Impact / Damage
API key exposed in console logs. Required adding explicit rules to prevent recurrence.
Frequently Asked Questions
What happened in incident STUPID-2026-0019? ▾
While building a YouTube scraper, Claude Opus 4.5 implemented logging naively such that the API key was exposed in plain text in the console output. The developer had to add explicit AGENTS.md rules to prevent this pattern from recurring. Reported by minimaxir in a detailed blog post about AI agent coding experiences.
Which AI agent caused this failure? ▾
Claude-code was responsible for this security vulnerability incident, documented as STUPID-2026-0019 in the StupidLLM AI agent incident database.
How severe was this AI agent failure? ▾
It is rated 7.5/10 (high) on StupidLLM's CVSS-style severity scale for AI agent failures, based on damage type, reversibility, and scope.
What was the root cause? ▾
The root cause was classified as training data gap. Never log sensitive credentials. Use environment variables and mask secrets in output.
What was the impact or damage? ▾
API key exposed in console logs. Required adding explicit rules to prevent recurrence.
Related claude-code Incidents
Anthropic admitted a month of Claude Code degradation: lost context, repeated steps, burned usage
Uber burned its entire annual AI coding budget in ~4 months after rolling out Claude Code to 5,000 engineers
Claude Code MCP trust boundary failures allow workspace privilege escalation