Key Takeaways:
Anthropic accidentally exposed 512,000 lines of Claude Code source code across roughly 1,900 TypeScript files via a misconfigured npm package release on March 31.
The leak came days after a separate lapse exposed details of an unreleased model codenamed Mythos/Capybara, which Anthropic is withholding due to unprecedented cybersecurity capabilities.
Attackers launched typosquatting and supply chain attacks within hours of the exposure, and a Chinese state-sponsored group had already exploited Claude Code against approximately 30 organizations.
Anthropic accidentally published the full source code for Claude Code, its AI-powered coding assistant, via a misconfigured npm package on March 31. The leak exposed roughly 512,000 lines of TypeScript code across approximately 1,900 files, revealing the tool's complete architecture, unreleased features, and internal model performance data. Within hours, the codebase was mirrored across GitHub and accumulated more than 25,000 stars.
This was Anthropic's second security lapse in one week. Days earlier, Fortune reported the company left close to 3,000 files publicly accessible in an unsecured data store, including a draft blog post detailing an unreleased model known internally as Mythos and Capybara. That model is described as a new tier above the current Opus, with what Anthropic called unprecedented cybersecurity capabilities. The company is deliberately withholding it.
"No sensitive customer data or credentials were involved or exposed," an Anthropic spokesperson told Axios. "This was a release packaging issue caused by human error, not a security breach."
The leaked code revealed dozens of feature flags for unreleased capabilities including cross-session learning, persistent background agents, and remote control from mobile devices. Security researcher Roy Paz of LayerX Security told Fortune the code suggests Anthropic is preparing fast and slow versions of the new model with a larger context window.
The fallout was immediate. Attackers began typosquatting internal npm package names within hours, staging dependency confusion attacks. Users who installed or updated Claude Code via npm on March 31 between specific time windows may have pulled a trojanized version containing a remote access trojan, according to The Hacker News. Anthropic issued DMCA takedown requests on thousands of GitHub repositories, then scaled them back after the takedown impacted more repos than intended.
Claude Code's run-rate revenue had reached more than $2.5 billion as of February. The company that markets itself as the safety-first AI lab now has to explain why it couldn't secure its own most profitable product. Twice.
People Also Ask
Q: What happened in the Anthropic Claude Code leak? A: A misconfigured npm release accidentally included a source map file pointing to Claude Code's full TypeScript source code, exposing 512,000 lines across 1,900 files on March 31, 2026.
Q: What is the Anthropic Mythos model? A: Mythos (also called Capybara internally) is an unreleased Anthropic model described as a tier above Claude Opus with unprecedented cybersecurity capabilities. Anthropic is deliberately withholding it due to its risk profile.
Q: Was customer data exposed in the Claude Code leak? A: Anthropic says no customer data or credentials were exposed. The leak revealed internal source code, unreleased feature flags, and architectural details of the Claude Code coding agent.
Q: Is Claude Code safe to use after the leak? A: Users who installed or updated Claude Code via npm during a specific window on March 31 may have been exposed to a supply chain attack. Anthropic recommends downgrading to a safe version and rotating all secrets.
Sources: