Anthropic Leaked Its Own Source Code: What Businesses Can Learn

On March 31, 2026, Anthropic — the company behind Claude, one of the most widely used AI platforms in the world — accidentally published the entire source code of their flagship coding tool to the public internet. Not through a breach. Not through a sophisticated attack. Through a single misconfigured file in their build pipeline.

Half a million lines of proprietary code. Exposed to anyone with an internet connection. And the fallout is still unfolding.

What Actually Happened

Anthropic builds Claude Code using TypeScript and packages it for distribution through npm — the same public registry that millions of developers use every day to download software libraries. When they published version 2.1.88 of their @anthropic-ai/claude-code package, it included a 59.8 megabyte source map file that was never supposed to be there.

A source map is a debugging file that maps compiled, minified production code back to the original human-readable source. It is an essential development tool. It is also something that should absolutely never ship in a production release.

The root cause was breathtakingly simple. Their build tool, Bun, generates source maps by default. Anthropic failed to keep the .map file out of the published package, either by excluding it in their .npmignore file or by leaving it out of the files allowlist in their package.json. One missing line of configuration exposed 1,906 source files containing the complete architecture of their AI agent platform.

This Was Not Their First Incident

Five days earlier, on March 26, Anthropic left details of an unreleased AI model — codenamed Mythos — in an unsecured public database. That leak included internal documents, draft blog posts, and details about an exclusive CEO event. Two major security failures in under a week from a company that markets itself as the safety-first AI lab.

What the Leaked Code Revealed

Security researchers immediately began analyzing the exposed source. What they found was significant:

  • 44 unreleased feature flags for capabilities that are fully built but hidden from users — including autonomous background agents, multi-agent swarm coordination, and an advanced task scheduling system
  • Internal API endpoints and the complete communication pattern between the CLI client and Anthropic’s backend infrastructure
  • Permission and execution logic showing exactly how the tool decides what shell commands to run, what files to access, and what guardrails to apply
  • Telemetry systems that track user behavior patterns, including frustration detection based on retry frequency and message sentiment

For competitors, this was an unintentional product roadmap. For security researchers, it was a goldmine. For attackers, it was an opportunity.

Attackers Moved Fast

Within 48 hours, threat actors began exploiting the situation. Zscaler’s ThreatLabz team discovered a fake GitHub repository published under the name “Claude Code leak” that appeared to contain the leaked TypeScript source. In reality, it was a trojan.

The archive included a file called ClaudeCode_x64.exe — a Rust-based dropper that deployed two pieces of malware:

  • Vidar v18.7 — an information stealer that harvests browser credentials, cryptocurrency wallets, authentication tokens, and sensitive documents from infected machines
  • GhostSocks — a SOCKS5 proxy backdoor that turns the victim’s machine into a relay for the attacker’s traffic, making their malicious activity appear to originate from the victim’s IP address

This is a textbook example of how threat actors weaponize public incidents. The hype around the leak created a wave of curiosity. People searched for the source code. Attackers created convincing-looking repositories and waited for downloads. Anyone who ran the fake executable handed their credentials and network access to the attackers.

The DMCA Cleanup Made It Worse

Anthropic’s response to the leak introduced a new problem. In their rush to scrub copies of the source code from GitHub, they filed mass DMCA takedown requests that accidentally targeted approximately 8,100 repositories — the vast majority of which had nothing to do with the leak. Legitimate open source projects were taken offline without warning.

Anthropic acknowledged the error and retracted most of the takedown notices, but the damage to developer trust was already done. The irony of an AI company — whose models were trained on publicly available code — aggressively enforcing intellectual property protections was not lost on the developer community.

What Your Business Should Learn From This

You do not need to be an AI company to be vulnerable to the same class of failure. Every organization that builds, packages, or deploys software faces identical risks. Here is what this incident teaches us:

1. Your Build Pipeline Is a Security Boundary

Most companies invest heavily in securing their production servers and network perimeter. Far fewer treat their build and release pipelines with the same rigor. Anthropic’s entire leak came down to a missing exclusion rule in a packaging configuration file. No hacking required.

Action item: Audit your build pipeline today. Review every configuration file that controls what gets included in your deployable artifacts — .npmignore, .dockerignore, .gitignore, Dockerfile COPY instructions, CI/CD artifact definitions. Run a test build and manually inspect what ends up in the final package. You may be surprised.

2. Source Maps and Debug Artifacts Must Never Ship to Production

Source maps, debug symbols, verbose error messages, API documentation endpoints, and development configuration files are all common items that accidentally make it into production deployments. Each one gives attackers information they should not have.

Action item: Add automated checks to your CI/CD pipeline that fail the build if debug artifacts are detected in the release package. This should be a hard gate, not a warning.
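
An added example (not from the original article and not Anthropic's code) of the checks described in items 1 and 2: a Node.js gate that opens the .tgz produced by npm pack and reports every debug file or source map reference inside it. The sample archive, the DEBUG_PATHS list and the function names are constructed for illustration; in CI you would pass the real tarball bytes to auditTarball and fail the job when it returns anything.

```javascript
const zlib = require("node:zlib");
// Paths that should never appear in a release artifact (extend for your stack).
const DEBUG_PATHS = [/\.map$/i, /\.pdb$/i, /(^|\/)\.env(\..*)?$/];

// Walk a tar archive: 512-byte ustar header, then file data padded to 512 bytes.
function* tarEntries(tar) {
  const field = (h, at, len) => h.toString("latin1", at, at + len).split("\0")[0];
  for (let off = 0; off + 512 <= tar.length; ) {
    const h = tar.subarray(off, off + 512);
    if (h.every((b) => b === 0)) return; // end-of-archive marker
    const size = parseInt(field(h, 124, 12).trim(), 8) || 0;
    const name = [field(h, 345, 155), field(h, 0, 100)].filter(Boolean).join("/");
    // Type "0" (or NUL) is a regular file; directories and pax headers are skipped.
    if ((field(h, 156, 1) || "0") === "0")
      yield { name, data: tar.subarray(off + 512, off + 512 + size) };
    off += 512 + Math.ceil(size / 512) * 512;
  }
}

// Return one finding per debug artifact or source-map reference in a .tgz buffer.
function auditTarball(tgz) {
  const findings = [];
  for (const { name, data } of tarEntries(zlib.gunzipSync(tgz))) {
    if (DEBUG_PATHS.some((re) => re.test(name))) findings.push(`debug file: ${name}`);
    if (/\.[cm]?js$/.test(name) && data.includes("//# sourceMappingURL="))
      findings.push(`source map reference: ${name}`);
  }
  return findings;
}

// Build a constructed sample archive (not a real package) so the check runs offline.
function makeSampleTgz(files) {
  const parts = Object.entries(files).flatMap(([name, text]) => {
    const h = Buffer.alloc(512), len = Buffer.byteLength(text);
    h.write(name, 0);
    h.write(len.toString(8).padStart(11, "0"), 124);
    const body = Buffer.alloc(Math.ceil(len / 512) * 512);
    body.write(text);
    return [h, body];
  });
  return zlib.gzipSync(Buffer.concat([...parts, Buffer.alloc(1024)]));
}

const SAMPLE_TGZ = makeSampleTgz({
  "package/cli.js": "console.log(1)\n//# sourceMappingURL=cli.js.map\n",
  "package/cli.js.map": '{"version":3,"sources":["src/main.ts"]}',
  "package/package.json": '{"name":"demo","version":"1.0.0"}',
});
console.log(auditTarball(SAMPLE_TGZ)); // a CI gate exits non-zero when this is non-empty
```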

3. Attackers Exploit Incidents, Not Just Vulnerabilities

The malware campaign that followed this leak had nothing to do with the leaked code itself. Attackers simply capitalized on public curiosity. They knew people would search for the source code, so they created fake repositories designed to look legitimate.

This pattern repeats after every major security incident. When a breach makes headlines, phishing campaigns immediately follow — posing as password reset notices, security advisories, or helpful tools related to the incident.

Action item: Train your team to recognize that major security incidents create secondary attack opportunities. When a vendor announces a breach, be extra cautious with any unsolicited emails, downloads, or links related to the incident.

4. Incident Response Plans Must Include Communication Failures

Anthropic’s mass DMCA takedown caused significant collateral damage. Their response to the security incident created a second incident — a trust and reputation problem that arguably caused more lasting harm than the original leak.

Action item: Your incident response plan should include a communication review step before any public-facing action is taken. Rushed responses to security incidents frequently make things worse.

5. Secrets and Source Code Require Different Protection Strategies

Anthropic stated that no customer data or credentials were exposed in the leak — only source code. That distinction matters because it suggests they had properly separated secrets from code. Many organizations are not that disciplined. API keys hardcoded in source files, database passwords in configuration committed to version control, and credentials stored in environment files that ship with the application are all common and catastrophic mistakes.

Action item: Secrets belong in a dedicated secrets manager or encrypted vault, never in source code or configuration files that could be accidentally exposed. Audit your repositories today for any committed credentials using tools like trufflehog or gitleaks.

The Bigger Picture

This incident is a reminder that security failures do not require sophisticated attacks. They require one overlooked configuration, one unchecked default, one assumption that the build tool would not include something it should not.

Anthropic is a well-funded company with talented engineers building cutting-edge technology. If a missing .npmignore rule can expose their entire codebase, imagine what a similar oversight could expose in your environment.

At YourTech, we help businesses across South Florida build security into every layer of their operations — from network architecture and endpoint protection to build pipeline hardening and incident response planning. Because security is not just about firewalls and antivirus. It is about every process, every configuration, and every assumption that stands between your business and a preventable disaster.
