Tags: source code leak

Anthropic unintentionally exposed the source code for its Claude Code tool, prompting a flood of GitHub reposts. Security researchers discovered that many of the copies include hidden infostealer malware, turning a simple code leak into a broader threat. The company has issued copyright takedown notices, trimming the number of repositories from over 8,000 to under 100. The episode follows earlier attempts to lure users with fake installation guides that also delivered malicious payloads. Read more

Anthropic unintentionally triggered a massive takedown of GitHub repositories while trying to remove copies of its Claude Code command‑line application source code. The company’s notice initially affected roughly 8,100 repositories, including legitimate forks of its own public repo. After recognizing the overreach, Anthropic retracted the notice, limiting it to a single repository and 96 forks. The incident has drawn criticism, raised compliance concerns ahead of a planned IPO, and sparked speculation about potential shareholder lawsuits. Read more

The recent leak of Anthropic’s Claude Code source exposed more than half a million lines of code and uncovered dormant features that hint at the company’s roadmap. Analysts identified a disabled “Kairos” daemon designed to run in the background, using periodic prompts and a “PROACTIVE” flag to surface information without user request. The code also references an “AutoDream” system that would consolidate and prune memory files during idle periods, creating a persistent, organized knowledge base across sessions. These findings suggest Anthropic is experimenting with continuous‑state AI and automated memory management. Read more

Anthropic confirmed that an employee error caused the Claude Code AI assistant source code to be exposed through a map file in its npm package. The leak included roughly 1,900 TypeScript files containing over 500,000 lines of code stored in a Cloudflare R2 bucket. Anthropic emphasized that no customer data or credentials were compromised and described the incident as a packaging mistake rather than a security breach. The company said it is implementing safeguards to prevent similar errors, while the leak was quickly mirrored on GitHub amid ongoing discussions about recent Claude vulnerabilities and high user demand. Read more

Anthropic unintentionally published internal source files for its Claude Code AI coding tool when releasing version 2.1.88 to the public npm registry. The mistake included a source map that revealed more than 500,000 lines of code across nearly 2,000 files. Security researcher Chaofan Shou shared an archive link on X, generating massive attention. Anthropic confirmed the leak as a human error, emphasized that no customer data or credentials were exposed, and said it is taking steps to prevent a recurrence. The incident offers developers a rare glimpse into the tool’s architecture while raising security concerns for the company. Read more

A recent packaging error released more than 512,000 lines of Claude Code’s source code, exposing unreleased features such as a Tamagotchi‑style coding pet and an always‑on background agent called KAIROS. Anthropic clarified that no customer data was compromised and called the incident a human‑error mistake, while analysts warned that the leak could aid bad actors and highlight the need for stronger operational safeguards. Read more

Anthropic inadvertently released the full source code for its Claude Code command‑line interface when a recent npm package included a source‑map file. The leak made nearly 2,000 TypeScript files and over half a million lines of code publicly available. Security researcher Chaofan Shou highlighted the issue, and the code quickly spread across GitHub. Anthropic confirmed the error was a packaging mistake, not a breach of customer data, and said it is implementing safeguards to prevent recurrence. Developers have begun dissecting the code to understand Claude Code’s architecture. Read more