Anthropic confirmed it accidentally exposed the source code of Claude Code due to a packaging error during a routine update. A debugging file was mistakenly included in a software package published to a public developer registry, allowing external access to the code. This incident marks the second leak in under a year, with a similar occurrence reported in February, raising questions about Anthropic’s security practices.

The leakage spotlights operational vulnerabilities within a company known for strict security measures. Following the exposure, a security researcher found the source map that unveiled the entire codebase, prompting quick replication and analysis on platforms like GitHub. Anthropic has begun issuing DMCA takedown notices to eliminate mirrors of the leaked files.

A South Korean developer, Sigrid Jin, utilized the leaked source code to rebuild core functionality in Python, resulting in a project called “claw-code.” This reimplementation uses an AI orchestration tool and highlights the implications of the leak in the developer community.

The leaked code reportedly contained feature flags hinting at unreleased functionalities, including a tool for reviewing recent sessions, a persistent assistant mode, and remote access capabilities. These revelations provide insight into potential advancements and upcoming features for the Claude Code platform.

An Anthropic spokesperson stated that the incident was due to a packaging error and emphasized that no customer data or credentials were compromised. The company is now implementing measures to avoid similar issues in the future. Previously, an early version of Claude Code was briefly exposed in February 2025, underscoring recurring challenges in code management.

Featured image credit