Claude Source Code Leak Reveals Anthropic’s Secret Plans

Anthropic has accidentally exposed more than 500,000 lines of source code for one of its flagship Claude models, allowing researchers, competitors, and hackers a window into the AI giant’s inner workings.

First spotted by a security researcher on X, around 1,900 files and 513,000 lines of code relating to the architecture of Anthropic’s Claude Code agentic coding tool were inadvertently released when an internal-use source map file was included in a routine npm package update.

The code was quickly mirrored on GitHub, where it fast became one of the software platform’s most‑downloaded repositories, forked tens of thousands of times despite Anthopic racing to contain the leak by issuing more than 8,000 takedown requests.

The AI developer told Bloomberg in an emailed statement that “no sensitive customer data or credentials were involved or exposed,” with the slip‑up “a release packaging issue caused by human error, not a security breach.”

While Claude Code’s source code wasn’t a total black box, with the tool having been reverse-engineered by third-party developers last year, the leak has given unprecedented insight into Claude’s design and Anthropic’s plans.

After putting the source code under a microscope, researchers claimed to have found markers for more than twenty as yet unreleased features, including for an always-on AI agent codenamed KAIROS, as well as internal dev notes regarding Claude’s quirks.

More worrying for Anthropic, however, is that the leak opens the door to potential model abuse, with researchers from cyber firm Straiker warning that, instead of blindly brute‑forcing jailbreaks, attackers can now examine how Claude Code’s data pipeline works and build poisoned prompts designed to slip past its defences.

Recommended reading

• UK Tech Workers Take AI Security Risks to Stay Ahead

• AI Ranks As Top Data Security Risk in 70% of Orgs

• Over-priviledged AI Systems Driving Security Incidents

Added to that, cyber firm Zscaler warned that the widespread sharing of Claude Code’s internals on GitHub had turned the leak into a “vector for abuse” for unsuspecting users, with risks including cyber-attacks via mirrored code inserted with trojan backdoors, data exfiltrators, or cryptominers.

“Threat actors are actively leveraging the recent Claude Code leak as a social engineering lure to distribute malicious payloads with GitHub serving as a delivery channel,” wrote Zscaler researchers.

“Threat actors move quickly to take advantage of a publicised incident. That kind of rapid movement increases the chance of opportunistic compromise, especially through trojanized repositories.”

Zscaler recommended that organisations should take a cautious approach, starting with not downloading or running code from a GitHub repository claiming to be leaked from Claude, but if so, then to monitor for anomalous telemetry or outbound connections on work devices, and continuously scan environments for suspicious processes.