Claude Code Leak: Anthropic Accidentally Publishes Entire Source Code to Public npm

On March 31, 2026, Anthropic accidentally published the entire Claude Code source code to a public npm registry. For several days, 512,000 lines of TypeScript remained publicly accessible until a researcher discovered the configuration error in Cloudflare and reported it to the company.

What Was Exposed in the Leak

The code comprised 1,906 files and contained the complete implementation of Claude Code — a tool developers use to automate programming with AI. All of this was stored on a Cloudflare bucket without basic access protection, accessible to anyone who knew the correct URL.

The leak included not only source code, but also deployment configuration, API keys for integrations with GitHub, Slack, and other platforms, as well as internal documentation about the system architecture. This is information that normally remains in private repositories and could be used to search for vulnerabilities or reverse engineering.

The scale of the leak is staggering: 512,000 lines of code represent the complete development history of the product, including commits, developer comments, and experimental branches.

Hidden Flags and the Mysterious Mythos

The source code contained 44 hidden feature flags — functions that Anthropic plans to release but are currently disabled in public versions. Among them were references to a model with the codename Mythos.

Little is known about Mythos itself: it's unclear from the code whether this refers to a new version of Claude or a separate experimental project running on a completely different architecture. But the very fact that such a reference was found in the published code suggests that Anthropic is working on something significant and is keeping it secret from competitors.

The leak revealed several interesting details about Anthropic's priorities and plans:

• 44 hidden feature flags in the source code
• References to the Mythos model in developer comments
• API keys and configuration for working with external services
• Fragments of documentation on Claude Code's architecture
• Test data and examples for internal use
• History of all commits with dates and authors

Security as the Industry's Weak Point

This situation reveals a profound paradox in the AI industry. Companies that actively discuss AI safety and the need for regulation are making basic mistakes in protecting their own code.

The leak did not result from a targeted hacker attack or social engineering, but simply from an incorrect Cloudflare bucket configuration. The researcher published information about the leak on social media, and only after that did Anthropic delete the code and request removal from caches. However, copies have almost certainly already spread across the internet.

The question is how long competitors will spend analyzing this code and whether they will find something in the architecture they can use to their advantage.

«This reminds us of situations that have happened with other major companies.

Security often remains on the periphery until an incident occurs,» commented a leading security specialist on the incident.

What This Means

AI companies are developing at an accelerated pace, but security infrastructure often lags behind. The Claude Code leak is not the first or last incident of its kind.

For developers, this is a reminder: no one is immune, not even recognized industry leaders. Companies should treat code protection as seriously as they treat model protection.