Anthropic accidentally leaked its own source code for Claude Code image c/o qz.com Anthropic acc
anthropic claude
| Source: Mastodon | Original article
Anthropic’s Claude Code AI‑coding assistant was unintentionally exposed when a debug source‑map file slipped into a public npm package update on Tuesday, Axios reported. The map revealed roughly 512 000 lines of the tool’s internal TypeScript code, including hidden feature flags, unreleased model codenames and low‑level integration logic that had never been disclosed publicly.
The leak occurred because a developer bundled the source‑map—a file meant to aid debugging for internal use—alongside the compiled package that is distributed to developers via the npm registry. When the package was published, the map became instantly downloadable, allowing anyone to reconstruct the original source. Security researcher “t0xic” flagged the issue on Reddit within hours, prompting Anthropic to pull the version and issue a hotfix.
Why it matters goes beyond a simple slip. Claude Code is Anthropic’s answer to GitHub Copilot and OpenAI’s Code Interpreter, and its proprietary algorithms are a key competitive differentiator. Exposing the code gives rivals a rare glimpse into Anthropic’s architecture, potentially accelerating reverse‑engineering efforts and eroding the company’s IP moat. Moreover, the incident highlights the fragility of modern software supply chains, where a single misplaced file can compromise years of research and raise questions about the robustness of security practices at fast‑moving AI firms.
Anthropic has not yet detailed the full scope of the breach but pledged to “conduct a thorough investigation” and to reinforce its release pipeline. Watch for an official post‑mortem, possible legal steps against any parties that exploit the leaked code, and how the episode influences the rollout schedule for Claude Code. As we reported on April 1, Anthropic’s launch of the Mythos model underscored its ambition to dominate the next generation of AI; this leak may force the company to reassess how aggressively it pushes new tools while safeguarding its core technology.
Sources
Back to AIPULSEN