Anthropic mistakenly leaks its own AI coding tool's source code, just days after accidentally revealing an upcoming mode [View all]
Source: Fortune
Anthropic mistakenly leaks its own AI coding tool’s source code, just days after accidentally revealing an upcoming model known as Mythos
By Beatrice Nolan
March 31, 2026, 2:15 PM ET
The leak comes just days after Fortune reported that the company had inadvertently made close to 3,000 files publicly available, including a draft blog post that detailed a powerful upcoming model that presents unprecedented cybersecurity risks. The model is known internally as both “Mythos” and “Capybara,” according to the leaked blog post obtained by Fortune.
The source code leak exposed around 500,000 lines of code across roughly 1,900 files. When reached for comment, Anthropic confirmed that “some internal source code” had been leaked within a “Claude Code release.”
A spokesperson said: “No sensitive customer data or credentials were involved or exposed. This was a release packaging issue caused by human error, not a security breach. We’re rolling out measures to prevent this from happening again.”
The latest data leak is potentially more damaging to Anthropic than the earlier accidental exposure of the company’s draft blog post about its forthcoming model. While the latest security lapse did not expose the weights of the Claude model itself, it did allow people with technical knowledge to extract additional internal information from the company’s codebase, according to a cybersecurity professional Fortune asked to review the leak.
-snip-
Read more: https://fortune.com/2026/03/31/anthropic-source-code-claude-code-data-leak-second-security-lapse-days-after-accidentally-revealing-mythos/
More, from VentureBeat:
https://venturebeat.com/technology/claude-codes-source-code-appears-to-have-leaked-heres-what-we-know
A 59.8 MB JavaScript source map file (.map), intended for internal debugging, was inadvertently included in version 2.1.88 of the @anthropic-ai/claude-code package on the public npm registry pushed live earlier this morning.
By 4:23 am ET, Chaofan Shou (@Fried_rice), an intern at Solayer Labs, broadcasted the discovery on X (formerly Twitter). The post, which included a direct download link to a hosted archive, acted as a digital flare. Within hours, the ~512,000-line TypeScript codebase was mirrored across GitHub and analyzed by thousands of developers.
For Anthropic, a company currently riding a meteoric rise with a reported $19 billion annualized revenue run-rate as of March 2026, the leak is more than a security lapse; it is a strategic hemorrhage of intellectual property.The timing is particularly critical given the commercial velocity of the product.
-snip-
Much more at the links.
= new reply since forum marked as read