Anthropic leaks source code for its AI coding agent Claude

Skip to content Anthropic leaks source code for its AI coding agent Claude Mario Lotmore April 4, 2026 SAN FRANCISCO — Anthropic accidentally exposed roughly 512,000 lines of proprietary TypeScript source code for its AI-powered coding agent Claude Code on March 31, the company confirmed, in what it described as a human error during a routine software update. The leak involved the full client-side architecture of Claude Code, a command-line tool that acts as an autonomous “coding coworker.” It did not include the core Claude AI model’s weights, training data or server-side infrastructure. The exposure occurred when version 2.1.88 of the anthropic-ai/claude-code npm package included a 59.8-megabyte JavaScript source map file. The map inadvertently pointed to a complete ZIP archive of the original codebase stored on Anthropic’s Cloudflare R2 bucket. Security researcher Chaofan Shou spotted the file and publicly disclosed it on X, triggering rapid downloads and mirroring across GitHub within hours. The leaked code spanned nearly 1,900 to 2,000 files and revealed the inner workings of Anthropic’s agent harness — the decision-making engine that turns natural-language instructions into real actions. It included the full ReAct-style loop (reason, act, observe, repeat), tool definitions for bash commands, file reading and editing, git operations and test execution; system prompts that guide safety, memory management and multi-agent coordination; and dozens of unreleased feature fl...