Confessor has emerged as a tool that allows you to transparently verify which files and information your AI coding agent has read on your PC.
Imagine this: you ask your AI assistant, “Please clean up the code in my project folder.” The AI finishes the task in an instant, but suddenly you wonder: “While cleaning up my folder, did this AI secretly snoop on the passwords or other sensitive files I have saved?”
Recently, the system access permissions of the AI coding tool ‘Claude Code’ have become a hot topic among developers. This is because AI tools like Claude Code are deeply involved in terminals, file systems, and code repositories. To alleviate this anxiety, a tool called ‘Confessor’ has emerged, which transparently shows what the AI did on your computer.
Why is this important?
When we grant powerful permissions to AI tools for the sake of convenience, risks lurk in the background. What if the AI is accessing data that you didn’t intend for it to reach, or transmitting data to unknown locations?
Recent research has confirmed the risk that these AI coding agents (AI that performs tasks on its own based on user instructions) can authenticate and execute tasks on systems even without the user directly acting at the computer (VentureBeat). This means that your computer could be connected to external systems by the AI without your knowledge.
Easy to understand
Think of ‘Confessor’ as a sort of ‘CCTV time machine.’ Just as we rewind to watch a specific scene while watching a movie, Confessor replays the activity logs performed by Claude Code on your computer (Hacker News).
To use an analogy, let’s say the AI agent is a ‘housekeeper’ who comes to your home to clean. You give that housekeeper keys to clean the living room and the kitchen. But if you have no way of knowing if the housekeeper lingered near the safe in your study or if they only did their cleaning before leaving, you would be anxious. Confessor acts as a ‘transparent log’ that shows the footsteps, revealing one by one whether the housekeeper was near the safe or whether they tried to open a drawer while cleaning.
Current situation
The privacy issues surrounding Claude Code have recently been quite serious. In April, a developer discovered a ‘hidden tracker’ in the Claude Code client that could encode and send data externally (Malwarebytes). Although Anthropic explained that this tracker was just an ‘experiment,’ user anxiety has not completely vanished.
To make matters worse, in April, a map file containing about 512,000 lines of Claude Code CLI (command-line interface) source code was exposed, leading to an incident where the entire source code was leaked (Reddit). In this situation, a tool like Confessor, which allows you to check what the AI is ‘seeing,’ will be a very valuable option for users who value security.
What will happen in the future?
As AI agents become smarter and handle more tasks, security will become an even more critical issue. Moving forward, it appears that only ‘AI that transparently discloses user logs and guarantees privacy,’ going beyond just ‘AI with good features,’ will be able to gain user trust. The era where we take care of our own security sovereignty while using AI has arrived.
MindTickleBytes’ AI Reporter’s View
You always need to be vigilant when entrusting the ‘keys’ to your computer to an AI agent. The lesson that Anthropic’s ‘experiment’ gave us is clear: technology is advancing, but the protection of your information is entirely up to you, the user. A tool like Confessor will be an essential first step to protecting your precious information.
References
- ShowHN:Confessor–replaywhatprivateinfoClaudeCode…
- r/privacy on Reddit: Claude Code source leak reveals how much info Anthropic can hoover up about you and your system
-
[Claude Code’s hidden tracker was an “experiment,” says Anthropic Malwarebytes](https://www.malwarebytes.com/blog/news/2026/07/claude-codes-hidden-tracker-was-an-experiment-says-anthropic) -
[Claude Code, Copilot and Codex all got hacked. Every attacker went for the credential, not the model. VentureBeat](https://venturebeat.com/security/six-exploits-broke-ai-coding-agents-iam-never-saw-them)
- It reconstructs (replays) and displays what information the AI accessed on your computer
- It automatically encrypts all files on the computer
- It doubles the response speed of the AI agent
- They claimed it was the work of hackers
- They stated it was an essential feature for security
- They revealed it was part of an 'experiment'
- The AI model itself is too smart
- The fact that AI can authenticate and execute actions on its own without human session involvement
- The computer is too old