Anthropic source-code leak

Anthropic accidentally exposed roughly 512,000 lines of internal Claude Code CLI source via an npm packaging error, including sourcemaps, agent logic and unreleased agent features — a major security stumble for a company that sells “safety-first” AI. The leak reportedly revealed forward-looking agent features (persistent agents, a stealth “Undercover” mode, early “Buddy” assistant work) and has triggered scrutiny about vendor security controls and enterprise trust. (theguardian.com) (arstechnica.com)

Security researcher Chaofan Shou posted the discovery to X on March 31, 2026, after finding an npm package (v2.1.88) that referenced a 59.8 MB source‑map pointing to a Cloudflare R2 zip with roughly 1,900 TypeScript files. (dev.to) Multiple community mirrors reconstructed the repository, and copies on GitHub exploded in popularity, with at least one clean‑room rewrite reportedly reaching 50,000 stars in under two hours. (layer5.io) Anthropic publicly attributed the exposure to human error, said it removed the package, and stated that no sensitive customer data or credentials were involved. (baltimoresun.com) Security commentators and enterprise‑risk analysts flagged immediate supply‑chain and IP concerns, and Gartner, alongside industry firms, warned that vendors must tighten packaging controls and agent permissioning after the incident. (venturebeat.com) Public analysis emphasized that the leak exposed CLI architecture and memory‑subsystem implementations rather than model weights, accelerating clean‑room reimplementations and detailed reverse‑engineering work. (brightdefense.com)
