Anthropic has unintentionally leaked the supply code for its fashionable coding device Claude Code.
The leak comes simply days after Fortune reported that the corporate had inadvertently made shut to three,000 information publicly accessible, together with a draft weblog submit that detailed a robust upcoming mannequin that presents unprecedented cybersecurity dangers. The mannequin is understood internally as each “Mythos” and “Capybara,” based on the leaked weblog submit obtained by Fortune.
The supply code leak uncovered round 500,000 traces of code throughout roughly 1,900 information. When reached for remark, Anthropic confirmed that “some internal source code” had been leaked inside a “Claude Code release.”
A spokesperson stated: “No sensitive customer data or credentials were involved or exposed. This was a release packaging issue caused by human error, not a security breach. We’re rolling out measures to prevent this from happening again.”
The newest knowledge leak is doubtlessly extra damaging to Anthropic than the sooner unintentional publicity of the corporate’s draft weblog submit about its forthcoming mannequin. Whereas the most recent safety lapse didn’t expose the weights of the Claude mannequin itself, it did enable folks with technical information to extract further inner info from the corporate’s codebase, based on a cybersecurity skilled Fortune requested to evaluation the leak.
Claude Code is probably Anthropic’s hottest product and has seen hovering adoption charges from massive enterprises. A minimum of a few of Claude Code’s capabilities come not from the underlying massive language mannequin that powers the product however from the software program “harness” that sits across the underlying AI mannequin and instructs it the best way to use different software program instruments and gives vital guardrails and directions that govern its conduct. It’s the supply code for this agentic harness that has now leaked on-line.
The leak doubtlessly permits a competitor to reverse-engineer how Claude Code’s agentic harness works and use that information to enhance their very own merchandise. Some builders may search to create open-source variations of Claude Code’s agentic harness based mostly on the leaked code.
The leaked code additionally supplied additional proof that Anthropic has a brand new mannequin with the interior title Capybara that the corporate is actively making ready to launch, based on Roy Paz, a senior AI safety researcher at LayerX Safety. Paz stated it’s doubtless that the corporate might launch a “fast” and “slow” model of the brand new mannequin, based mostly on the mannequin’s apparently bigger context window, and that it will likely be essentially the most superior mannequin in the marketplace.
At the moment, Anthropic markets every of its fashions in three completely different sizes. The most important and most succesful mannequin variations are branded Opus; barely sooner and cheaper, however much less succesful, variations are branded Sonnet; and the smallest, most cost-effective, and quickest are known as Haiku. Within the draft weblog submit obtained by Fortune final week, Anthropic describes Capybara as a brand new tier of mannequin that’s even bigger and extra succesful than Opus, but additionally dearer.
The most recent leak, first made public in an X submit, seems to have occurred after Anthropic uploaded all of Claude Code’s unique code to NPM, a platform builders use to share and replace software program, as a substitute of solely the completed model that computer systems truly run. The error appears like a “human error” after somebody took a shortcut that bypassed regular launch safeguards, Paz stated. Anthropic instructed Fortune that standard launch safeguards weren’t bypassed.
“Usually, large companies have strict processes and multiple checks before code reaches production, like a vault requiring several keys to open,” he instructed Fortune. “At Anthropic, it seems that the process wasn’t in place and a single misconfiguration or misclick suddenly exposed the full source code.”
Paz additionally raised questions on how the device might doubtlessly hook up with Anthropic’s inner techniques. He stated the better concern will not be direct entry to backend fashions, however reasonably that the leaked code might reveal private particulars about how the techniques work, similar to inner APIs and processes. He added that this sort of info might doubtlessly assist refined actors higher perceive the structure of Anthropic’s fashions and the way they’re deployed, which in flip might inform makes an attempt to work round current safeguards.
Anthropic’s present strongest mannequin, Claude 4.6 Opus, is already classed by the corporate as a harmful mannequin with regards to cybersecurity dangers. Anthropic has stated its present Opus fashions are able to autonomously figuring out zero-day vulnerabilities in software program. Whereas these capabilities are meant to assist firms detect and repair flaws, they may be weaponized by hackers, together with nation-states, to search out and exploit vulnerabilities.
This isn’t the primary time Anthropic has inadvertently leaked particulars about its fashionable Claude Code device. In February 2025, an early model of Claude Code unintentionally uncovered its unique code in an analogous breach. The publicity confirmed how the device labored behind the scenes in addition to the way it linked to Anthropic’s inner techniques. Anthropic later eliminated the software program and took the general public code down.
EDITOR’S NOTE: This text was up to date to incorporate further remark from Anthropic and clarifications of some technical particulars by one of many sources.
