Apple shipped Claude.md files inside the Apple Support app v5.13 update, then pushed an emergency v5.13.1 to remove them.
Key Takeaways
Claude.md files are Claude Code project-config files that instruct the agent on codebase conventions; shipping them confirms internal Claude Code use.
Apple pulled an emergency update (v5.13.1) within hours of the leak going public, suggesting fast incident response.
Bloomberg’s Mark Gurman had previously reported Apple runs custom Claude instances on internal servers, so the leak corroborates an existing claim.
The incident exposes a new artifact class to add to pre-commit hygiene: AI agent config files alongside secrets and keys.
Hacker News Comment Review
Commenters split on severity: most called it a process failure (no human reviewer caught a stray file) rather than a security breach; the file content itself is not sensitive.
Debate emerged over what is actually proven: the file confirms Claude Code use now, not that Apple used it during the whole Apple Intelligence development period.
Several engineers noted this is the foreseeable consequence of agentic workflows where the agent handles commits and no human audits the full diff before push.
Notable Comments
@hilti: “Dozens of comments, but not a single ‘What was in their Claude.md’” – the actual file contents were never published or discussed.
@neko_ranger: Pushback on FUD: the file specifies project structure, not credentials or proprietary algorithms.
