Anthropic said on Tuesday that a release error led to portions of the internal source code for its AI coding assistant, Claude Code, being unintentionally made public.
Summary
- Anthropic accidentally exposed nearly 500,000 lines of Claude Code’s source code via a packaging error, with files rapidly spreading across GitHub.
- The leak revealed internal architecture and proprietary AI agent instructions but did not include user data or model weights.
- The company has issued around 8,000 takedown requests as concerns grow over security practices and competitive risks.
A file meant for internal use was mistakenly bundled into a software update, pointing to an archive containing roughly 2,000 files and nearly 500,000 lines of code. The material was quickly circulated on GitHub after being discovered, with a post on X sharing access to the files drawing more than 29 million views by early Wednesday. A modified version of the codebase also surged to become one of the fastest-downloaded repositories on the platform.
“Earlier today, a Claude Code release included some internal source code. No sensitive customer data or credentials were involved or exposed,” an Anthropic spokesperson said, attributing the incident to a packaging mistake rather than a security breach.
The exposed materials largely detailed the tool’s internal architecture, including its command-line interface, agent framework, and development tooling. However, the company said that no user data or model weights tied to its underlying Claude AI system were compromised.
While parts of Claude Code had previously been inferred through reverse engineering, the latest disclosure offered a far more complete view of how the system operates. An earlier version of the assistant had also seen its code exposed in February 2025.
The latest episode adds to a string of recent incidents. A prior report by Fortune indicated that Anthropic had stored thousands of internal files on publicly accessible systems, including a draft blog post referencing unreleased models named “Mythos” and “Capybara”.
Security researchers traced the current leak to a 60MB source-map file embedded in the tool’s npm package, which allowed reconstruction of the full TypeScript codebase. Within hours, developers had begun replicating and analysing the code, uncovering internal techniques used to turn Claude into a functional coding agent.
The disclosure has raised concerns among some experts about internal safeguards at a company that positions itself around AI safety. The availability of detailed implementation methods may also provide rivals such as OpenAI and Google with insights into Claude Code’s design and capabilities. According to The Wall Street Journal, the leaked material included commercially sensitive elements such as proprietary workflows and agent instructions.
In response, Anthropic has moved aggressively to contain the spread, issuing around 8,000 copyright takedown notices targeting repositories and derivative projects hosting the leaked material on GitHub.
By Wednesday morning, April 1, the company had begun efforts to remove both original files and modified versions shared by developers, The Wall Street Journal reported. Anthropic reiterated that the incident stemmed from human error and said additional safeguards are being introduced to prevent a repeat.
Despite those assurances, the episode may weigh on the company’s operational credibility, particularly as it is reportedly preparing for a potential $380 billion initial public offering.
Disclosure: This article does not represent investment advice. The content and materials featured on this page are for educational purposes only.
