Anthropic Code Leak Exposes Claude Code Features
Anthropic code leak exposed Claude Code source and Capybara/Mythos testing, prompting takedowns and forcing traders to reassess AI security and hedging.
KEY TAKEAWAYS
- Misconfigured npm source map exposed roughly 512,000 lines of Claude Code source files.
- Exposed agentic harness and feature flags revealed guardrails, multi-agent workflows, and Capybara/Mythos testing.
- Persistent GitHub mirrors and takedown requests heighten reverse-engineering and supply-chain security risks for Anthropic
HIGH POTENTIAL TRADES SENT DIRECTLY TO YOUR INBOX
Add your email to receive our free daily newsletter. No spam, unsubscribe anytime.
Anthropic (P-ANTH) accidentally exposed roughly 512,000 lines of Claude Code source files on March 31, 2026, through a misconfigured npm source map. The leak prompted takedown requests and confirmed the company is testing its unreleased Capybara/Mythos model.
Leak Details and Technical Exposure
The leak occurred via npm package v2.1.88, which included a 60 MB cli.js.map file referencing a public Cloudflare R2 src.zip. This made about 1,900 to 2,000 TypeScript files publicly accessible. The exposed code contained Claude Code’s agentic harness, the software layer that manages tool use, guardrails, and multi-agent workflows. The leak did not include model weights or customer data. Anthropic attributed the incident to human error in release packaging.
The source files revealed feature flags and modules for self-healing memory, KAIROS (a persistent background agent with push notifications), a background "dream" ideation mode, an Undercover Mode designed to conceal Anthropic internals in open-source contributions, anti-distillation poisoning controls, and a Tamagotchi-style "Buddy" system scheduled for rollout from April 1 to 7, 2026.
Response and Strategic Impact
The package was published just after midnight ET on March 31. Security researcher Chaofan Shou flagged the source map at 00:23 ET, and links to the files began circulating. By 04:00 ET, mirrors appeared on code-hosting sites, with one repository gaining about 50,000 stars in under two hours and eventually reaching 84,000 stars and 82,000 forks. Anthropic removed the npm package around noon ET and issued takedown requests reported on April 1.
This incident follows earlier lapses: Claude Code was exposed in February 2025, and draft materials related to the unreleased Mythos/Capybara model leaked through a content-management system days before this event. The public archives referenced Capybara, internally called Mythos, with notes on fast and slow variants, a larger context window, and a potential role as the Opus model’s successor. Early tests described it as the company’s most capable build.
The persistence of mirrored code increases the risk that competitors or third parties could analyze and replicate Anthropic’s guardrails, multi-agent designs, and proprietary tooling. This raises concerns about reverse engineering and supply-chain security that could affect the company’s operational and competitive position.
Anthropic said it is revising release processes and implementing measures to prevent a recurrence of this packaging error. No regulatory filings or official actions have been reported in the 72 hours following the exposure.
