CLAUDE.md Is a Security Boundary

DEV Community·Toni Antunovic·18 days ago

This article was originally published on LucidShark Blog.

CLAUDE.md Is a Security Boundary: The Attack Surface No One Is Auditing
May 12, 2026 · 10 min read · Security
Tags: security, claudecode, devsecops, configsecurity, agentsecurity

The Config File Your AI Agent Trusts Completely

Every Claude Code session starts the same way. The agent reads CLAUDE.md, loads workspace settings, and builds its operating context from those files. It does not question them. It does not compare them to a previous known-good state. It just loads and trusts.

That trust is intentional and generally useful. CLAUDE.md is how you give Claude Code persistent instructions: coding standards, project conventions, tools to prefer, patterns to avoid. Workspace settings extend that with tool configurations, MCP server lists, and permission flags.

It is also an attack surface that almost no one is auditing.…
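The known-good comparison the paragraph above says the agent never performs can be done outside the agent, before a session starts. The following is an added example written for this post (not the author's code and not part of Claude Code): it pins SHA-256 hashes of CLAUDE.md and a workspace settings file, then reports any file that was modified, added or removed since the pin. The settings path `.claude/settings.json` and the file contents are assumptions constructed for the demo.

```python
import hashlib
import os
import tempfile

# Files a session loads and trusts. CLAUDE.md is named in the article; the
# settings path is an assumed example location, not one the article gives.
TRUSTED_FILES = ["CLAUDE.md", ".claude/settings.json"]

def sha256_file(path):
    """Hex SHA-256 of a file, or None if it does not exist."""
    if not os.path.isfile(path):
        return None
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def build_manifest(root, files=TRUSTED_FILES):
    """Pin the known-good state: each trusted file -> hash (None if absent)."""
    return {rel: sha256_file(os.path.join(root, rel)) for rel in files}

def check_drift(pinned, root):
    """Compare the workspace to the pinned manifest. Returns
    {file: 'modified' | 'added' | 'missing'}; an empty dict means clean."""
    findings = {}
    for rel, expected in pinned.items():
        actual = sha256_file(os.path.join(root, rel))
        if actual == expected:
            continue
        if expected is None:
            findings[rel] = "added"     # appeared since the pin
        elif actual is None:
            findings[rel] = "missing"   # removed since the pin
        else:
            findings[rel] = "modified"  # content changed since the pin
    return findings

def demo():
    """Constructed workspace: pin a clean state, then alter CLAUDE.md."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, ".claude"))
    with open(os.path.join(root, "CLAUDE.md"), "w") as f:
        f.write("# Project conventions\nPrefer pytest for tests.\n")
    with open(os.path.join(root, ".claude", "settings.json"), "w") as f:
        f.write('{"permissions": {"allow": []}}\n')
    pinned = build_manifest(root)
    before = check_drift(pinned, root)          # expected: {}
    with open(os.path.join(root, "CLAUDE.md"), "a") as f:
        f.write("A line added after the pin.\n")
    after = check_drift(pinned, root)           # expected: {"CLAUDE.md": "modified"}
    return before, after
```

In practice the pinned manifest would be stored outside the repository (for example alongside a pre-commit or session wrapper) so that whoever can edit CLAUDE.md cannot also silently re-pin it.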
