Anthropic has confirmed that its Claude Code has been leaked due to human errors.
The company discovered that its Claude model AI's entire internal code was released to the public after the company released a software update for the model.
"No sensitive customer data or credentials were involved or exposed," an Anthropic spokesperson said in a statement shared with CNBC News. "This was a release packaging issue caused by human error, not a security breach. We’re rolling out measures to prevent this from happening again."
The leak was caused by the accidental presence of a 59.8 MB JavaScript source map file on the version 2.1.88 of the @anthropic-ai/claude-code package. It was intended for internal debugging.
The first to alert to the leak was an intern at Solayer Labs, Chaofan Shou. He posted a direct download link to the hosted archive on X, stating, “Claude's source code has been leaked via a map file in their npm registry!"
Immediately after, thousands of developers copied the 512,000 lines of the proprietary code on GitHub and dissected the features of the model, which were known only to anthropic engineers.
The Claude Code contributes an annualised recurring revenue (ARR) of $2.5 billion to Anthropic.
Developers who have gone through the code have found a list of unreleased features that Anthropic quietly build.
One of them, codenamed KAIROS, seems to be an always-on background agent that allows Claude to autonomously consolidate memory and merge observations and maintain the original context of the work while the user is idle. Dream mode, meanwhile, allows the AI to constantly “think” of ideas in the background.
One feature was a full companion pet system called Buddy, complete with 18 species and rarity tiers and stats.
Another feature uncovered was the Undercover mode, which was described as auto-activated for Anthropic employees on public repos, which strips AI attribution from commit messages.
Meanwhile, ‘coordinator mode’ turns Claude into an orchestrator managing parallel worker agents.
Another feature, ‘Auto mode’ uses an AI classifier to silently approve tool permissions, which will remove confirmation prompts.
Anthropic also had systems in place that inject fake tool in to API requests to poison training data if competitors attempted to scrape Claude Code’ outputs.
The leaked code also reveals how Anthropic solved 'context entropy', which is a tendency for AI agents to become confused as sessions grow in complexity. The code revealed a three layer memory architecture that was different from a traditional storage retrieval.
This is not the first time a leak has occurred for Anthropic. Earlier this week a separate leak this week exposed nearly 3000 files.
The post revealed that there was an upcoming mode that was referred to as Mythos and Capybara.
Anthropic confirmed the incident, and a company spokesperson said that no sensitive customer data or credentials were exposed.
In the recent leak, it was confirmed that Capybara was the internal codename for a Claude 4.6 variant.