Anthropic’s Claude Code Source Leak Exposes Proprietary AI Tool Internals Again
On 31 March 2026, security researcher Chaofan Shou discovered that Anthropic’s flagship AI coding tool, Claude Code, had its entire source code exposed through a misconfigured source-map file (cli.js.map) included in its npm package. The 60MB file, part of version 2.1.88 released the same day, allowed full reconstruction of the tool’s TypeScript codebase, revealing 1,906 proprietary files including internal APIs, telemetry systems, encryption tools, and inter-process communication protocols.
This marks the second such incident in just over a year. In February 2025, an earlier version of Claude Code was similarly exposed, prompting Anthropic to remove the affected package from npm. Despite the prior fix, the issue resurfaced, with the source map referencing unobfuscated TypeScript files hosted in Anthropic’s cloud storage, making the code publicly accessible.
Within hours of discovery, the leaked code was archived on GitHub, amassing 1,100+ stars and 1,900+ forks. The exposure was a packaging oversight, not a breach, but it laid bare the tool’s internal architecture, security mechanisms, and telemetry logic. Anthropic has yet to issue a public statement, though the incident raises concerns about software release practices at AI companies developing enterprise-grade developer tools.
Notably, the leak does not involve model weights or user data, meaning end-user security remains unaffected. However, the transparency of Claude Code’s client-side implementation could aid reverse-engineering efforts or inform future attacks on similar systems. The incident underscores persistent risks in AI tooling distribution, particularly as such products gain adoption among global developers and enterprises.
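A release gate for the packaging oversight described above, as an added example that is not Anthropic's tooling or code from the original report: it audits the files that would ship in an npm tarball and flags source maps, how many original sources they embed or reference remotely, and bundles that point at a map. The function name, the input shape and every sample file except the cli.js.map name are assumptions.

```javascript
// Added example, not Anthropic's tooling. Input: the files that would ship in the
// tarball as [{ path, content }]; paths can come from `npm pack --dry-run --json`,
// with contents read from disk by the caller.
function auditSourceMaps(files) {
  const findings = [];
  for (const { path, content } of files) {
    if (path.endsWith(".map")) {
      let map;
      try {
        map = JSON.parse(content);
      } catch (err) {
        findings.push({ path, issue: "unparseable-map" }); // still should not ship
        continue;
      }
      const sources = Array.isArray(map.sources) ? map.sources : [];
      const contents = Array.isArray(map.sourcesContent) ? map.sourcesContent : [];
      findings.push({
        path,
        issue: "source-map-shipped",
        sources: sources.length, // original files named by the map
        embedded: contents.filter((s) => typeof s === "string").length, // full text inlined
        remote: sources.filter((s) => /^https?:\/\//i.test(String(s))).length, // fetchable URLs
      });
    } else if (/\.[cm]?js$/.test(path)) {
      // Bundles advertise their map with a trailing sourceMappingURL comment.
      const m = /\/\/[#@]\s*sourceMappingURL=(\S+)/.exec(content);
      if (!m) continue;
      const inline = m[1].startsWith("data:"); // map embedded in the bundle itself
      findings.push({ path, issue: inline ? "inline-source-map" : "map-reference",
        target: inline ? "(data URI)" : m[1] });
    }
  }
  return findings;
}

// Constructed sample package; names other than cli.js.map are assumptions.
const samplePackage = [
  { path: "package.json", content: '{"name":"example-cli","version":"0.0.0"}' },
  { path: "cli.js", content: "console.log(1);\n//# sourceMappingURL=cli.js.map\n" },
  { path: "cli.js.map", content: JSON.stringify({
      version: 3,
      sources: ["../src/main.ts", "https://storage.example.invalid/src/ipc.ts"],
      sourcesContent: ["export const x = 1;", null],
      mappings: "",
    }) },
];

const sampleFindings = auditSourceMaps(samplePackage);
console.log(sampleFindings); // a release gate would fail the publish when non-empty
```

Run against the packed file list in CI before publishing, the check fails the release on any finding rather than relying on ignore rules being correct.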
Anthropic cybersecurity rating report: https://www.rankiteo.com/company/anthropicresearch
"id": "ANT1774964235",
"linkid": "anthropicresearch",
"type": "Breach",
"date": "3/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Global developers and '
'enterprises using Claude Code',
'industry': 'Artificial Intelligence',
'name': 'Anthropic',
'type': 'Company'}],
'attack_vector': 'Misconfigured source-map file',
'data_breach': {'data_exfiltration': 'Archived on GitHub (1,100+ stars, '
'1,900+ forks)',
'file_types_exposed': ['TypeScript files', 'Source-map files'],
'number_of_records_exposed': '1,906 files',
'personally_identifiable_information': 'None',
'sensitivity_of_data': 'High (internal APIs, encryption '
'tools, telemetry systems)',
'type_of_data_compromised': 'Proprietary source code '
'(TypeScript files)'},
'date_detected': '2026-03-31',
'date_publicly_disclosed': '2026-03-31',
'description': 'Security researcher Chaofan Shou discovered that Anthropic’s '
'flagship AI coding tool, Claude Code, had its entire source '
'code exposed through a misconfigured source-map file '
'(cli.js.map) included in its npm package. The 60MB file, part '
'of version 2.1.88, allowed full reconstruction of the tool’s '
'TypeScript codebase, revealing 1,906 proprietary files '
'including internal APIs, telemetry systems, encryption tools, '
'and inter-process communication protocols. This marks the '
'second such incident in just over a year. The leaked code was '
'archived on GitHub, amassing 1,100+ stars and 1,900+ forks. '
'The exposure was a packaging oversight, not a breach, but it '
'laid bare the tool’s internal architecture, security '
'mechanisms, and telemetry logic.',
'impact': {'brand_reputation_impact': 'Raises concerns about software release '
'practices at AI companies',
'data_compromised': '1,906 proprietary files (internal APIs, '
'telemetry systems, encryption tools, '
'inter-process communication protocols)',
'operational_impact': 'Potential reverse-engineering risks and '
'future attacks on similar systems',
'systems_affected': 'Claude Code (npm package version 2.1.88)'},
'lessons_learned': 'Persistent risks in AI tooling distribution and software '
'release practices, particularly for enterprise-grade '
'developer tools.',
'post_incident_analysis': {'root_causes': 'Misconfigured source-map file '
'included in npm package, improper '
'packaging oversight'},
'references': [{'source': 'Security researcher Chaofan Shou'},
{'source': 'GitHub archive'}],
'title': 'Anthropic’s Claude Code Source Leak Exposes Proprietary AI Tool '
'Internals Again',
'type': 'Source Code Leak',
'vulnerability_exploited': 'Improper packaging oversight'}