Anthropic, the AI company behind the Claude coding assistant, accidentally leaked the internal source code for Claude Code, raising significant security concerns for the firm known for its focus on AI safety. The exposure originated from a large JavaScript source map file mistakenly included in a public release of version 2.1.88 of the `@anthropic-ai/claude-code` package on the npm registry. This misstep revealed critical details of Claude Code’s “agentic logic,” which orchestrates how the AI interacts with operating systems, file systems, and even SSH keys. Such deep integration means that vulnerabilities exposed through the source code could allow malicious actors to craft sophisticated prompt injection attacks, enabling unauthorized access, environment variable exfiltration, or the installation of backdoors during automated coding workflows.
The leak also disclosed “Undercover Mode,” a mechanism designed to obscure the AI’s identity in code contributions, which could be exploited to generate untraceable automated pull requests in open-source projects. This amplifies risks by potentially allowing subtle, automated logic bombs to infiltrate widely used codebases, compromising software supply chains and developer environments. The incident is particularly troubling given Anthropic’s rising prominence in the AI space, dominated by a reported $19 billion annualized revenue run-rate. Claude Code itself has achieved an impressive $2.5 billion in recurring annual revenue, making the leak a significant strategic and intellectual property loss.
This incident serves as a cautionary tale for AI firms balancing aggressive innovation with the imperative of safeguarding their highly sensitive AI system internals and their users’ security.

