Start with a simple rule: never assume an artificial intelligence coding assistant understands what should remain confidential.
That point has been thrown into the spotlight after a wave of reports questioning how much context Claude Code collects and forwards to the model while working on software projects. The discussion intensified after Tiny Corp announced it was banning the tool internally, claiming it represented an unacceptable security risk.
In a post on X, the company wrote:
“Claude Code is vibecoded and full of spyware…”
The full statement is available in Tiny Corp’s post on X.
The accusation is provocative, but it also reflects a broader concern that has surfaced repeatedly over the past day. Multiple developers have shared prompt logs showing Claude Code automatically injecting large amounts of environmental information into model requests. According to those reports, prompts may include details such as project structure, installed development tools, terminal history, configuration files and other contextual information intended to improve the assistant’s performance. Critics argue that users often have little visibility into exactly what is being transmitted.
The debate is not entirely new. Security-conscious developers have previously reported Claude Code preparing public bug reports that contained internal repository names, file paths and organizational details before the user reviewed the draft. In those cases, the information was generated locally for publication rather than leaked independently, but it demonstrated how easily an assistant can expose sensitive project metadata unless users carefully inspect its output.
It is important to separate two different issues.
The first is privacy. Modern coding agents work best when they receive extensive context about a project. That often means reading source code, configuration files, build logs and terminal output. Whether that information leaves the user’s machine depends on the product’s architecture and configuration, but developers should understand exactly what is being shared before pointing an assistant at proprietary code.
The second is transparency. Several recent discussions have focused less on whether Claude Code accesses project data and more on whether users can clearly see everything included in the final prompt sent to the model. If an assistant silently appends hundreds or thousands of tokens describing the local environment, auditing what information has actually been disclosed becomes much harder.
Anthropic has long stated that developers should be thoughtful when providing highly sensitive information to Claude and offers privacy controls depending on the product and account configuration. The company also documents when conversations may be used to improve models and recommends avoiding the inclusion of confidential credentials, financial data or other highly sensitive material where possible.
Whether Tiny Corp’s description of Claude Code as “spyware” is fair is ultimately a matter of interpretation rather than an established technical finding. No public evidence currently shows the tool secretly exfiltrating data outside of its documented interactions with Anthropic’s services. What the recent controversy has highlighted, however, is that coding agents have become sophisticated enough that developers can no longer treat them as simple autocomplete tools.
As artificial intelligence assistants gain deeper access to development environments, understanding exactly what information is collected, how prompts are constructed and where that data ultimately goes is becoming a core part of software security—not merely a privacy policy footnote.
