Source Code of Claude Code Accidentally Exposed by Anthropic
Anthropic has inadvertently disclosed the source code pertaining to its widely utilized coding tool, Claude Code.
This security breach materialized just days after Fortune reported the company had mistakenly made nearly 3,000 files accessible to the public, which included a preliminary blog post outlining a formidable upcoming model rife with significant cybersecurity implications.
This model is internally designated as both “Mythos” and “Capybara,” according to the blog post procured by Fortune.
The compromised code revealed approximately 500,000 lines scattered across roughly 1,900 files. Upon inquiry, Anthropic acknowledged that some internal source code had indeed been leaked in conjunction with a “Claude Code release.”
A company representative stated: “No sensitive customer data or credentials were involved or exposed. This was a release packaging issue caused by human error, not a security breach. We are implementing measures to avert such incidents in the future.”
This latest data exposure poses a potentially greater threat to Anthropic than the prior accidental leak of its draft blog post concerning the forthcoming model.
Although this security mishap did not disclose the weights integral to the Claude model, it afforded individuals with technical acumen the opportunity to glean further internal information from the company’s codebase, according to a cybersecurity expert consulted by Fortune.
Claude Code stands out as perhaps Anthropic’s most acclaimed product, witnessing a remarkable uptick in adoption among large enterprises.
Notably, certain functionalities of Claude Code arise not merely from the underlying large language model but also from an engaging software “harness” that frames the foundational AI, guiding it in the utilization of supplementary software tools and imposing essential parameters that dictate its functionality. The source code for this pivotal harness has now emerged in the public domain.
The exposure allows potential competitors to reverse-engineer the operational mechanics of Claude Code’s agentic harness, thereby leveraging this knowledge to enhance their own offerings.
Moreover, some developers may endeavor to construct open-source variants of Claude Code’s agentic harness based on the revealed code.
In addition, the leak serves as further validation that Anthropic is in the throes of unveiling a new model, internally referred to as Capybara, based on insights from Roy Paz, a senior AI security researcher at LayerX Security.
Paz posited that the company might unveil both a “fast” and a “slow” variant of the new model, reflecting its purportedly larger context window, thereby establishing itself as the most advanced model currently available.
Presently, Anthropic markets its models in three distinct sizes. The most substantial and proficient iterations are labeled Opus; faster and more economical, albeit less capable, versions are identified as Sonnet; and the smallest, most affordable, and quickest are termed Haiku.
In the draft blog post acquired by Fortune last week, Anthropic characterizes Capybara as a new echelon of model, even larger and more adept than Opus, albeit also more costly.
The recent leak, first revealed in an X post, appears to have occurred after Anthropic uploaded the complete original code of Claude Code to NPM, a platform utilized by developers to share and refresh software, rather than merely the finalized version that operating systems utilize.
This oversight seems to stem from human error, wherein an individual opted for a shortcut that circumvented the standard release protocols, as indicated by Paz. Anthropic maintained to Fortune that standard release safeguards were not bypassed.
“Typically, large corporations implement stringent processes and multiple verifications before code is deployed, akin to a vault requiring several keys to access,” he remarked to Fortune.
“In the case of Anthropic, it appears that these safeguards were inadequate, leading to a single misconfiguration or misclick that inadvertently exposed the entire source code.”
Paz also raised pertinent concerns regarding the potential for the tool to access Anthropic’s internal systems.
He suggested that the more pressing issue might not be direct access to backend models, but rather that the leaked code could divulge confidential details about the operational intricacies of the systems, such as internal APIs and processes.
He stated that this kind of information could empower sophisticated entities to better comprehend the architecture of Anthropic’s models and their deployment, which could facilitate attempts to circumvent existing safeguards.
Currently, Anthropic’s most formidable model, Claude 4.6 Opus, is already classified by the company as posing notable risks regarding cybersecurity.
Anthropic has asserted that its Opus models are capable of autonomously identifying zero-day vulnerabilities within software.
While these capabilities are intended to aid firms in detecting and rectifying flaws, they could also be weaponized by cybercriminals, including state-sponsored actors, to exploit vulnerabilities.
This incident is not a first for Anthropic, as the company previously leaked details concerning its acclaimed Claude Code tool.
In February 2025, an initial iteration of Claude Code inadvertently exposed its original code during a similar lapse, revealing operational details and its integration with Anthropic’s internal systems. The company subsequently retracted the software and removed the public code.
Source link: Aol.com.
