AI & Tech News
May 04, 2026

Anthropic accidentally leaks 500,000 lines of Claude Code source, exposing unreleased features and roadmap

A misconfigured npm release exposed the full agentic harness behind Claude Code — Anthropic's second significant security lapse in a week — revealing features flagged for imminent launch.


Anthropic accidentally published the internal source code powering its Claude Code coding assistant to the public npm registry on March 31, Axios reported. The leak, triggered by a routine update that included a debugging file it should not have, exposed approximately 500,000 lines of code across nearly 2,000 files before Anthropic issued takedown requests.

The codebase was quickly identified by security researcher Chaofan Shou, spread across GitHub, and accumulated thousands of stars within hours.

The leaked code did not expose Claude's underlying model weights, but it did reveal the full agentic harness — the software layer that instructs Claude how to use tools, manage files, run shell commands, and orchestrate multi-agent workflows. Cybersecurity professionals who reviewed the code told Fortune that this harness is in some ways more strategically valuable than the model weights themselves, since it encodes how Anthropic has solved the engineering problems of running reliable AI agents in production.

Among the most sensitive disclosures were feature flags for capabilities that appear fully developed but have not yet launched, including a persistent background assistant that continues working when the user is inactive, cross-session memory sharing, and remote control of Claude Code from a mobile device. Internal codenames were also exposed, including "Capybara" for an upcoming model variant and references to a planned model family codenamed "Mythos," consistent with a separate accidental disclosure earlier in the same week when roughly 3,000 internal documents were made briefly public.

Anthropic confirmed the incident in a statement to Axios: "Earlier today, a release of Claude Code included some internal source code. No sensitive customer information or credentials were affected or disclosed. This was an issue with the release packaging due to human error, not a security breach. We are implementing measures to prevent a recurrence."

The double security lapse raised questions about internal release processes at a company valued at approximately $350 billion that is reportedly considering a public offering in the fourth quarter of 2026.

Read the original reporting at Axios.