Anthropic Accidentally Revealed Claude Code Source Code, Raising New Security Questions

Anthropic created a reputation problem for itself: due to an error in the Claude Code release, part of the internal source code leaked, and the breach spread across the network within hours. For a company that builds the image of one of the most cautious players in the AI market, this is not just a technical glitch, but a painful blow to trust in its own security processes. The incident occurred after a Claude Code update — Anthropic's tool for AI-assisted programming.

An internal file accidentally made it into the release package, pointing to an archive with almost 2,000 files and approximately 500,000 lines of code. This proved sufficient for the contents to quickly migrate to GitHub and other platforms. The link to the leaked code spread across X at enormous speed: the post containing it received over 29 million views by the next morning.

In parallel, a reprocessed repository with this code appeared on GitHub, which, according to reports online, became one of the fastest-spreading mirrors of its kind. Anthropic stated that the cause was human error during release packaging, not an external hack. According to the company, the published data contained neither customer information, nor secret keys, nor Claude's base model content.

It was specifically code related to the internal architecture of Claude Code. Formally, this reduces the scale of the damage, but it does not negate the main question: why did an internal artifact even make it into a public release. In such stories, what matters is not only the composition of the leak, but the very fact that control at the final stage failed.

Developers and researchers quickly began examining the published files and found hints about features that had not yet been officially presented. Among them — a concept for a coding assistant in the spirit of a virtual pet that reacts to user actions next to the input field, as well as a constantly active agent capable of working in the background. Additionally, the code revealed internal instructions for Claude and details related to memory and tool operation logic.

Such findings fuel interest in the product, but simultaneously give competitors and attackers additional material for analysis. The problem is compounded by the fact that this is not the first similar episode involving Anthropic. Part of the Claude Code source has already been subject to reverse engineering by independent developers, and an earlier version of the tool also surfaced in public access in February 2025.

Before the current incident, the company faced another leak: thousands of internal files were discovered in externally accessible systems, including drafts mentioning future models called Mythos and Capybara. Against this backdrop, the current story looks not like a one-time mishap, but as a repeating failure in operational discipline. And this is especially sensitive precisely now.

Claude Code has become one of Anthropic's key growth products: interest in the company's paid subscriptions has noticeably increased, and Claude itself has strengthened its position among mass AI services and developer tools in recent months. The larger Anthropic's share in corporate development, the higher the price of any mistake in the supply chain. When a company sells not just a chatbot, but a system trusted with code writing and agent task execution, requirements for release processes and internal isolation automatically become stricter.

A separate risk relates to the fact that leaks of this kind help not only curious users but also competitors. Even if the archive contains no direct model secrets, code structure, prompts, engineering approaches, templates for new features, and developer comments allow a better understanding of exactly how the product works and where its weak points lie. For a company that bets on security and responsible AI development, this is an especially unpleasant signal: the market sees not only ambitions, but how carefully they are implemented in practice.

What this means: the Claude Code story showed that the main risk for AI companies today often lies not in the models themselves, but in operational details around them — release assembly, access controls, internal artifacts, and publication control. Anthropic managed to quickly state that user data was not affected, but this is not enough to close the issue. After a second leak in a short period, the company will be expected not to explain the human factor, but to prove that its processes have truly become more reliable.