My Cursor / Claude Code leaked my Anthropic key — what now?

Per Lakera Apr 2026: 8% of npm packages with `.claude/` configs had live credentials. Bitwarden CLI Apr 2026 malware specifically hunted these paths. Here's the 10-minute remediation.

You wake up to an Anthropic billing alert: $4,200 in 12 hours. Your usage dashboard shows continuous Claude Opus calls — none of them yours. You search your repo. There it is: `.claude/settings.local.json` committed to git two months ago, with a live sk-ant- key.

What happens next

  1. Minute 0 — confirm + revoke

    Go to console.anthropic.com → API Keys → Revoke the leaked key immediately. Takes effect within seconds.

  2. Minute 0-5 — rotate everywhere

    Generate a new key. Update Vercel / Railway / GitHub Actions / local .env. Audit `.cursor/`, `.continue/` for additional leaked keys (the LLMjacking pool grabbed every key it found).

  3. Minute 5-15 — clean git history

    Force-push alone won't help — the reflog still carries the key. Use `git filter-repo --path '.claude/' --invert-paths` to rewrite history. Audit npm publish history with `npm view <pkg> versions`, then grep each published tarball for `sk-ant-`.

  4. Hour 0-24 — billing recovery

    Contact Anthropic billing support within 24h. A documented Claude Opus victim case ran 4.5 days at ~$50K. Fraud reversal is at the provider's discretion, and it goes better the faster you respond.

Without Securie

You manually hunt through `.claude/`, `.cursor/`, `.continue/` directories on every developer's machine. You manually clean git history + npm publish history. You hope you got everywhere. Next week another `.claude/settings.local.json` leaks via a different developer.

With Securie

Securie's secret_scanner specialist's `live_validate` step actively probes for `.claude/`, `.cursor/`, `.continue/` directory inclusion in publish artifacts. Combined with the secrets-lifecycle specialist, every commit that adds these dot-dirs to a package gets a critical-severity finding before npm publish — the structural fix.

Exactly what to do right now

  1. Revoke the leaked key at console.anthropic.com immediately
  2. Add `.claude/`, `.cursor/`, `.continue/`, `.cline/` to .gitignore + .npmignore on every project
  3. Run gitleaks pre-commit hook with custom Anthropic-pattern rule (sk-ant-)
  4. Audit npm publish history retroactively — see /leak/anthropic-key-in-claude-config for the full rotation playbook
  5. Read /incidents/claude-code-npm-credentials-2026 + /incidents/bitwarden-cli-credential-hunt-2026 for the canonical research
  6. Install Securie when early access opens — secret_scanner + secrets-lifecycle catch this class structurally
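
The retroactive npm audit from the steps above (list versions, then grep each tarball for `sk-ant-`), written out as an added example; it is not Securie's or any vendor's code. The key regex beyond the `sk-ant-` prefix, the function names and the sample tarball are assumptions constructed for illustration.

```python
import io
import re
import tarfile

# Dot-directories this page names as holding AI coding tool config.
AI_TOOL_DIRS = {".claude", ".cursor", ".continue", ".cline"}
# Assumption: the page gives only the "sk-ant-" prefix; the 20+ character tail
# is a guess so that a bare mention of the prefix in docs does not match.
KEY_RE = re.compile(rb"sk-ant-[A-Za-z0-9_-]{20,}")


def scan_tarball(fileobj):
    """Return sorted (path, kind, detail) findings for one gzipped npm tarball."""
    findings = set()
    with tarfile.open(fileobj=fileobj, mode="r:gz") as tar:
        for member in tar:
            # Flag any entry that lives under one of the AI tool directories.
            for name in AI_TOOL_DIRS.intersection(member.name.split("/")):
                findings.add((member.name, "ai-tool-dir", name))
            if not member.isfile():
                continue
            data = tar.extractfile(member).read()
            for match in KEY_RE.finditer(data):
                # Keep only a short prefix so the report is not itself a leak.
                redacted = match.group()[:10].decode() + "..."
                findings.add((member.name, "anthropic-key", redacted))
    return sorted(findings)


def build_sample_tarball():
    """Constructed npm-style tarball with a fake key; not real package data."""
    fake_key = b"sk-ant-" + b"X" * 32
    files = {
        "package/README.md": b"Keys start with sk-ant- (prefix only).\n",
        "package/.claude/settings.local.json":
            b'{"env": {"ANTHROPIC_API_KEY": "' + fake_key + b'"}}',
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return io.BytesIO(buf.getvalue())


if __name__ == "__main__":
    for path, kind, detail in scan_tarball(build_sample_tarball()):
        print(f"{kind:14} {detail:14} {path}")
```

To audit real history, fetch each version with `npm pack <pkg>@<version>` and pass the opened `.tgz` to `scan_tarball`; any finding means that version shipped the directory or a key and the key must be treated as exposed.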