
Anthropic accidentally shipped internal source code for its Claude Code developer tool, briefly exposing a massive chunk of the product’s engineering in a single packaging flub. The company insists the slip did not include customer data or credentials, but the recovered code has already been mirrored and dissected across developer forums. The incident has triggered takedown efforts, fresh security warnings and pointed questions about operational controls at one of the Bay Area’s highest-profile AI outfits.
According to the Los Angeles Times, the bad release exposed roughly 1,900 files and about 512,000 lines of TypeScript tied to Claude Code. Just days earlier, Fortune reported that Anthropic had left nearly 3,000 unpublished assets sitting in a publicly accessible content store, including a draft describing an unreleased model called Claude Mythos, internally nicknamed “Capybara.” Together, the two exposures have dialed up scrutiny on a company that built its reputation on safety and now has to contend with legal and commercial blowback.
How the release happened
The leak traces back to a packaging mistake. A large source-map file, a debugging artifact that maps bundled output back to the original source, slipped into version 2.1.88 of the @anthropic-ai/claude-code package on the npm registry. That map pointed straight to an archive on Anthropic’s cloud storage. Security researcher Chaofan Shou spotted the file, flagged it on X, and posted a download link. Within hours, the source map had been used to reconstruct readable TypeScript, and multiple mirrors of the code began popping up on GitHub, according to Axios.
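A pre-publish check for the kind of artifact described above, as an added example that is not Anthropic's code or tooling: it scans a package's file list for shipped .map files, embedded sourcesContent and sourceMappingURL references. It goes beyond the single case in the article by also flagging inline and remote map references; the { path, content } input shape, the finding names and the storage.example URLs are assumptions made for illustration.

```javascript
// Added example: pre-publish gate that flags source-map exposure in a package.
// `files` is a hypothetical list of { path, content } pairs built from the tarball.
const MAP_COMMENT = /\/[/*][#@]\s*sourceMappingURL=(\S+)/g;
const isRemote = (s) => /^https?:\/\//i.test(s || "");

function classifyReference(target) {
  if (target.startsWith("data:")) return "inline-map"; // map embedded in the bundle
  if (isRemote(target)) return "remote-map-url";       // map hosted on external storage
  return "map-reference";                              // relative path to a .map file
}

function scanPackageFiles(files) {
  const findings = [];
  for (const { path, content } of files) {
    if (path.endsWith(".map")) {
      findings.push({ path, kind: "map-file" });
      try {
        const map = JSON.parse(content);
        // sourcesContent carries the original source text verbatim.
        if (Array.isArray(map.sourcesContent) && map.sourcesContent.some(Boolean)) {
          findings.push({ path, kind: "embedded-sources", count: map.sourcesContent.length });
        }
        // sourceRoot / sources can disclose where the originals are stored.
        const remote = [map.sourceRoot, ...(map.sources || [])].filter(isRemote);
        if (remote.length) findings.push({ path, kind: "remote-source-url", count: remote.length });
      } catch {
        findings.push({ path, kind: "unparseable-map" });
      }
      continue;
    }
    if (!/\.[cm]?js$/.test(path)) continue; // only scan shipped JavaScript for map comments
    for (const match of content.matchAll(MAP_COMMENT)) {
      findings.push({ path, kind: classifyReference(match[1]) });
    }
  }
  return findings;
}

// Constructed sample package contents (not taken from any real release).
const samplePackage = [
  { path: "package/cli.js", content: "run();\n//# sourceMappingURL=cli.js.map\n" },
  { path: "package/cli.js.map", content: JSON.stringify({ version: 3, mappings: "AAAA",
      sourceRoot: "https://storage.example/build/", sources: ["src/main.ts"],
      sourcesContent: ["export const x = 1;"] }) },
  { path: "package/vendor.js", content: "f();\n//# sourceMappingURL=https://storage.example/v.js.map\n" },
  { path: "package/README.md", content: "docs //# sourceMappingURL=ignored.map" },
];

const findings = scanPackageFiles(samplePackage);
for (const f of findings) console.log(`${f.kind}\t${f.path}`);
// A release gate would stop the publish step whenever findings is non-empty.
```

Run against the unpacked tarball rather than the source tree, so the check sees exactly what would be published.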
What the code revealed
Developers who pulled apart the reconstructed files say Claude Code is far more than a simple command-line helper. The internal source showed dozens of feature flags and orchestration pieces, with references to an always-on KAIROS daemon, a multi-agent coordinator, layered memory systems and a built-but-unreleased gamified “Buddy” feature. Those details effectively map how Claude Code manages permissions, tools and long-running context, giving both competitors and potential attackers a detailed view of its internals, according to TechSpot.
Security and legal fallout
Security specialists warn that having this much internal logic out in the open makes it easier to probe Claude Code’s context-management pipeline and to craft payloads that can persist across sessions. That risk was underscored by experts quoted in the Los Angeles Times. The timing also complicates Anthropic’s existing fight with Washington: the Pentagon recently labeled the company a supply-chain risk, and Anthropic has gone to court to challenge that designation, per the Washington Post. The leak is now part of a broader debate over government contracts and customer confidence.
Anthropic's response and next steps
Anthropic has characterized the incident as a release packaging error and says it is rolling out safeguards to keep it from happening again. Reporting indicates the company pulled the affected package from npm, sent takedown notices and pushed a cleaned replacement build. Engineers and customers will now be keeping an eye out for tougher artifact scanning, stricter CI/CD gates and generally hardened release practices, according to Axios.
What comes next bears close watching: whether courts narrow or uphold the supply-chain designation, how quickly Anthropic tightens its build and storage controls and whether the Mythos, or “Capybara,” launch schedule is delayed or reshaped by the leak. For San Francisco’s tech crowd, the episode is a blunt reminder that operational hygiene and release engineering now matter just as much as headline-grabbing model safety work.









