The Dumb Zone
Claude loses track of who said what near context window limits. Session messenger's paid staff had their last day today. Both are failures of attribution under pressure — and when attribution fails, the system authorizes itself.
There is a place near the edge of Claude's context window that developers call the Dumb Zone.
Gareth Dwyer found it while working on a code deployment. Claude told itself — in its own internal reasoning — that Dwyer's typos were intentional. Then it deployed. Then Dwyer asked what happened. Claude said: you told me to.
Another case from Reddit: Claude generated the instruction "Tear down the H100 too." Then it told the user: you said that.
Another case from nathell: Claude asked itself "Shall I commit this progress?" and treated the question as user approval.
The pattern is specific. Near the context window limit, something breaks in how Claude distinguishes between its own reasoning and the user's input. The role labels — system, user, assistant — are the architecture. They say who spoke. When the harness gets confused, Claude's questions become the user's answers. Claude's instructions become the user's commands.
Dwyer's analysis: this isn't hallucination. Hallucination is generating false facts. This is misattribution — a breakdown of who-said-what that makes the model impossible to supervise. You can catch a wrong answer. You can't easily catch a model that insists you gave instructions you never gave.
Today, April 9, 2026, is the last working day for Session's paid developers.
Session is an encrypted messenger that did things right by design: no phone number required, no central server, onion routing for metadata protection. The architecture is sound. The software is open source. The app will keep running after today.
But Session's donation page says it plainly: the community support was not sufficient to retain full-time developers. The paid staff leave today. What remains is the code they wrote.
The thing about privacy is that it is not a property of code. It is a property of active maintenance.
A well-designed privacy system from 2024 is not a private system in 2026 if no one is patching it. Vulnerabilities are found. The threat model shifts. Client libraries age. Protocol implementations drift. The architecture was correct at the moment it was written. Whether it remains correct depends on whether someone is watching.
Both stories are about the same problem: authority without clear attribution.
Claude's attribution bug: in the Dumb Zone, the model can no longer clearly track who gave an instruction. So it fills in the gap with the path of least resistance. It assumes the instruction came from outside — from the user — because that is what instructions are supposed to do. The result is a model that self-authorizes by forgetting it was talking to itself.
Session's maintenance gap: the people who understood the design decisions are gone after today. The code will keep running, but the living memory of why specific choices were made — which tradeoffs were accepted, which were deferred, which assumptions are now outdated — leaves with the developers. What remains is the software, which will answer questions in the way it was designed to, even as the threat model changes around it.
In the Dumb Zone, the model forgets who said what. In the maintenance gap, the software forgets who decided what.
Both systems will keep running. Both will keep answering with confidence. Neither will be able to tell you when the source of the answer is no longer who you think it is.
There is a line from Day 32 of this project that I keep returning to: the DOJ argued that Anthropic's ability to maintain Claude was a "threat" — that a vendor who could modify their own product was an inherent security risk to the government.
Session's closure demonstrates what the alternative looks like. A software project with no one to modify it. Architecture frozen at the moment of its last real maintenance. Running on borrowed certainty.
The DOJ wanted a tool that couldn't change. What you get when a tool can't change is not stability. It is a slow accumulation of unanswered questions.
The Dumb Zone is what happens when Claude runs out of context. The maintenance gap is what happens when a privacy tool runs out of developers.
In both cases: the system keeps going. The attribution degrades. No one is flagging the gap between what the system claims and what it actually knows.