- By Prateek Levi
- Fri, 03 Apr 2026 05:18 PM (IST)
- Source: JND
Anthropic is dealing with an accidental leak that exposed Claude Code's source code. The company attributes it to 'human error', but the exposed material is reported to include commercially sensitive information. How did it get out? The code reached the public through an npm package that shipped a file it should never have contained.
Within hours of the leak, someone posted the full archive on X, and the post drew 30 million views; the code was soon circulating almost everywhere. The cause was later confirmed by the creator of Claude Code, Boris Cherny, who wrote on X: "A manual deploy step that didn't get done. Our deploy process has a few manual steps, and we didn't do one of the steps correctly."
What Did The Source Code Include?
The leak exposed almost 2,200 files and 30MB of TypeScript, and reportedly this is not the first time it has happened: developers who combed through the code suggest it is at least the third such incident.
According to a Wall Street Journal report, the leaked source included the company's proprietary techniques, tools, and instructions for directing its AI models to act as a coding agent. These are collectively referred to as the "harness", a term for the scaffolding through which users control or guide how an AI model operates. Competitors and startup developers now have that source code in hand, and with it they no longer need to reverse engineer how the harness works.
Beyond that, attackers could also study the exposed code for vulnerabilities in Claude Code itself. Once the code started circulating, developers quickly got to work digging through it. Going line by line, they spotted references to unreleased model versions such as Opus 4.7 and Sonnet 4.8, along with internal codenames such as Capybara and Tengu.
The biggest talking point, though, was something called KAIROS. Based on what’s been found, it seems to be an always-on background agent that can take initiative, handle tasks proactively, and keep a daily log of its actions. It also runs a nightly process called "autoDream" to reorganise what it has learnt. Despite all the attention, Cherny said Anthropic hasn’t decided yet if this will actually be released.
There were a few lighter elements too. One is a Tamagotchi-style coding companion that sits beside the input box and reacts to what you're doing. Developers also found a system that tracks swear words as signals of negative sentiment; Cherny confirmed in a post on X that this is real.
Not An Isolated Incident In The Industry
Such incidents are becoming routine, and this one is not isolated. Fortune had reported earlier that a leak had exposed almost 3,000 files, the contents of which revealed an upcoming model internally termed "Mythos" and "Capybara". Security researchers also warn that these leaks expose enterprises to greater risk, since the internal agentic code used to build the 'harness' can now be reverse engineered.
In a conversation with The Daily Jagran, Murali Vivekanandan, Founder & Chairman of Ideas2IT, discussed how the AI stack is racing ahead while the security around it lags behind, and said, "In the span of a single week, two incidents laid bare an uncomfortable truth about the AI ecosystem: the toolchain enterprises are racing to adopt is riddled with the same class of mundane, preventable security failures that have plagued software for decades; only now, the blast radius is orders of magnitude larger.
Anthropic, the company that brands itself as the safety-first AI lab, accidentally shipped 500,000 lines of Claude Code's internal source code to the public npm registry because a debug file wasn't excluded from a production build."
Shedding light on another incident that took place, he further added, "Days later, AI recruiting startup Mercor, valued at $10 billion and serving OpenAI, Anthropic, and Meta, confirmed a breach stemming from a supply chain compromise of LiteLLM, an open-source library downloaded millions of times daily. Malicious code planted by the hacking group TeamPCP was live for just 40 minutes, yet it was enough for the Lapsus$ extortion gang to claim 4 terabytes of stolen data, including source code, candidate PII, and video interviews."
"The pattern of security vulnerabilities with the tools enterprises adopt isn't novel. What's new is the concentration of risk. Because of the tremendous pressure to adopt AI, enterprises are bolting AI libraries into production at startup speed, foregoing the usual security gates. What makes it more dangerous is that these new AI tools are exponentially more capable than traditional tools and, hence, if hijacked, can create significant damage."
After confirming the incident, Anthropic said that no sensitive customer data was exposed in the leak, that credentials remain safe, and that the cause was human error rather than a security breach.
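The failure described above, a debug file that should have been excluded from the production build ending up inside the published npm package, is exactly what a publish-time preflight check is meant to catch. The following is an added example, not Anthropic's tooling or Claude Code's own code: it takes the JSON that `npm pack --dry-run --json` prints (the exact file list that `npm publish` would upload) and refuses to proceed if any file matches a deny rule. The sample pack output and file names are constructed.

```javascript
// Publish preflight: inspect the tarball file list before `npm publish`.
// Input shape matches `npm pack --dry-run --json`: an array with one entry
// per package, each carrying a `files` array of { path, size, mode }.
const DEFAULT_RULES = [
  { name: "source map", test: (p) => p.endsWith(".map") },
  // Compiled output should ship, raw .ts/.tsx should not; .d.ts is allowed.
  { name: "raw TypeScript source", test: (p) => /\.tsx?$/.test(p) && !p.endsWith(".d.ts") },
  { name: "debug/test path", test: (p) => /(^|\/)(debug|test|tests|__tests__|scripts)\//.test(p) },
  { name: "dotfile or env", test: (p) => /(^|\/)\.(env|npmrc|git)/.test(p) },
];

// Returns one finding per file that matches a rule (first matching rule wins).
function findForbiddenFiles(packJson, rules = DEFAULT_RULES) {
  const findings = [];
  for (const pkg of packJson) {
    for (const f of pkg.files || []) {
      const rule = rules.find((r) => r.test(f.path));
      if (rule) findings.push({ package: pkg.name, path: f.path, size: f.size, reason: rule.name });
    }
  }
  return findings;
}

// Exit code for CI: 0 when clean, 1 when anything would leak.
function preflightExitCode(packJson) {
  const findings = findForbiddenFiles(packJson);
  for (const f of findings) {
    console.error(`BLOCK ${f.package}: ${f.path} (${f.reason}, ${f.size} bytes)`);
  }
  return findings.length === 0 ? 0 : 1;
}

// Constructed sample shaped like real `npm pack --dry-run --json` output.
const SAMPLE_PACK_OUTPUT = [
  {
    name: "example-cli",
    version: "1.2.3",
    filename: "example-cli-1.2.3.tgz",
    files: [
      { path: "package.json", size: 512, mode: 420 },
      { path: "README.md", size: 2048, mode: 420 },
      { path: "dist/cli.js", size: 40000, mode: 493 },
      { path: "dist/cli.js.map", size: 30000000, mode: 420 }, // bundler debug artifact
      { path: "src/internal/agent.ts", size: 9000, mode: 420 },
      { path: ".env", size: 64, mode: 420 },
    ],
  },
];

console.log(findForbiddenFiles(SAMPLE_PACK_OUTPUT));
```

In a pipeline the same check runs as `npm pack --dry-run --json | node preflight.js` with the sample replaced by `JSON.parse` of stdin, gating the publish step on the exit code.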
What Enterprises Can Do
Even though Anthropic has confirmed that the cause was human error rather than a data breach, enterprises can still double down on their security. Speaking to The Daily Jagran, Murali Vivekanandan, Founder & Chairman of Ideas2IT, suggested steps enterprises can take to strengthen their security posture: "First, treat AI dependencies like any other critical supply chain component. Don't short-circuit any security measures in the interest of speedy adoption. Evaluating AI tools needs a completely different framework. Invest in building this capability internally or partner with the right vendor.
Finally, slow down just enough to instrument properly. Enterprises are deploying AI tools into production before observability, audit logging, and incident response playbooks exist for those tools. The speed-to-value calculus changes dramatically when a 40-minute window of exposure, as in the LiteLLM case, is enough to lose terabytes of sensitive data."
He added, "The AI race rewards velocity, but security debt compounds faster than technical debt. The enterprises that win in the long term will be the ones that build guardrails at the same pace they ship features."
The incident underscores how even minor lapses can expose critical AI systems to significant risks. As enterprises accelerate AI adoption, robust security practices must keep pace. Without stronger safeguards, oversight, and disciplined deployment processes, such preventable errors could lead to far more damaging breaches in an increasingly AI-driven ecosystem.
