Anthropic Accidentally Leaks Claude Code Source, Exposing Internal AI Systems
Anthropic has inadvertently leaked the source code for Claude Code, its widely adopted AI-powered coding assistant, exposing roughly 500,000 lines of code across 1,900 files. The incident, confirmed by the company as a "release packaging issue" caused by human error, occurred when internal code was mistakenly uploaded to NPM a platform for software distribution instead of the final, compiled version.
The leak follows a separate accidental disclosure earlier this month, in which a draft blog post revealed details about Mythos (also referred to as Capybara), an upcoming AI model described as more powerful and potentially more dangerous than Anthropic’s current flagship, Opus. While the latest breach did not expose model weights or customer data, cybersecurity experts warn it could allow competitors to reverse-engineer Claude Code’s underlying "agentic harness" the software layer that governs the AI’s behavior, tool integration, and safety guardrails. This could enable the creation of open-source alternatives or help rivals refine their own AI systems.
Security researcher Roy Paz of LayerX Security noted that the leaked code also provided further evidence of Capybara, Anthropic’s next-generation model, which is expected to surpass Opus in capability and cost. The draft blog post previously described it as a new tier, with "fast" and "slow" variants likely replacing Opus as the company’s most advanced offering. Paz highlighted concerns that the exposed code may reveal vulnerabilities in how Claude Code interacts with Anthropic’s internal systems, potentially allowing malicious actors including nation-states to exploit the AI for cyberattacks or bypass existing safeguards.
Anthropic’s Opus model is already classified as a high-risk tool due to its ability to autonomously identify zero-day vulnerabilities, a capability that could be weaponized by threat actors. This is not the first time the company has faced such an exposure; in February 2025, an early version of Claude Code was similarly leaked, revealing internal workings and system connections before being removed.
The company has stated it is implementing measures to prevent future incidents but has not disclosed further details. The leak underscores the challenges of securing proprietary AI systems as adoption and scrutiny of advanced models continues to grow.
Anthropic cybersecurity rating report: https://www.rankiteo.com/company/anthropicresearch
"id": "ANT1774981746",
"linkid": "anthropicresearch",
"type": "Breach",
"date": "2/2025",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Artificial Intelligence',
'name': 'Anthropic',
'type': 'Company'}],
'attack_vector': 'Human Error (Misconfiguration)',
'data_breach': {'file_types_exposed': 'Source code files',
'number_of_records_exposed': '1,900 files',
'personally_identifiable_information': 'No',
'sensitivity_of_data': 'High (proprietary AI code, agentic '
'harness, internal system connections)',
'type_of_data_compromised': 'Source code, internal AI system '
'details'},
'description': 'Anthropic has inadvertently leaked the source code for '
'*Claude Code*, its widely adopted AI-powered coding '
'assistant, exposing roughly 500,000 lines of code across '
'1,900 files. The incident, confirmed by the company as a '
"'release packaging issue' caused by human error, occurred "
'when internal code was mistakenly uploaded to NPM, a platform '
'for software distribution, instead of the final, compiled '
'version. The leak follows a separate accidental disclosure '
'earlier this month, in which a draft blog post revealed '
'details about *Mythos* (also referred to as *Capybara*), an '
'upcoming AI model described as more powerful and potentially '
'more dangerous than Anthropic’s current flagship, *Opus*. '
'While the latest breach did not expose model weights or '
'customer data, cybersecurity experts warn it could allow '
'competitors to reverse-engineer *Claude Code*’s underlying '
"'agentic harness'—the software layer that governs the AI’s "
'behavior, tool integration, and safety guardrails. This could '
'enable the creation of open-source alternatives or help '
'rivals refine their own AI systems.',
'impact': {'brand_reputation_impact': 'Yes',
'data_compromised': '500,000 lines of source code across 1,900 '
'files',
'operational_impact': 'Potential reverse-engineering of AI systems '
'by competitors or malicious actors',
'systems_affected': 'Claude Code AI-powered coding assistant, '
'internal AI systems'},
'post_incident_analysis': {'corrective_actions': 'Measures to prevent future '
'incidents (details '
'undisclosed)',
'root_causes': 'Human error in release packaging '
'process'},
'references': [{'source': 'LayerX Security (Roy Paz)'}],
'response': {'communication_strategy': 'Public disclosure and acknowledgment '
'of the incident',
'containment_measures': 'Code removed from NPM',
'remediation_measures': 'Implementing measures to prevent future '
'incidents'},
'title': 'Anthropic Accidentally Leaks Claude Code Source, Exposing Internal '
'AI Systems',
'type': 'Data Leak'}