NEWS TODAY

The Leak Details

On March 31, 2026, security researcher Chaofan Shou identified a critical error in the distribution of Anthropic’s AI coding assistant, Claude Code. Version 2.1.88 of the @anthropic-ai/claude-code npm package was inadvertently shipped with a 59.8 MB JavaScript source map file. This file contained references to a publicly accessible zip archive hosted in a Cloudflare R2 storage bucket. The archive included approximately 1,900 TypeScript files totaling over 512,000 lines of code, representing the full source tree for Claude Code.

The exposure occurred due to a failure in the build pipeline to exclude the source map from production builds and a lack of access controls on the Cloudflare R2 bucket. The combination of these two issues allowed unauthorized access to sensitive internal code. Within hours of the discovery, the code was mirrored on GitHub, with over 41,500 forks before Anthropic issued takedown requests.
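
A publish-time gate for the failure mode described above, added here as an illustration (it is not Anthropic's code or tooling): it flags shipped source maps, embedded original sources, external URLs inside a map, and leftover sourceMappingURL comments. The `{ path, content }` file shape, the rule names and the sample package are constructed assumptions.

```javascript
// Constructed sample of a package's packed files (path + text content); not real package data.
const samplePackage = [
  { path: "package.json", content: '{"name":"example-cli","version":"1.0.0"}' },
  { path: "cli.js", content: 'console.log("hi");\n//# sourceMappingURL=cli.js.map\n' },
  { path: "cli.js.map", content: JSON.stringify({
      version: 3,
      file: "cli.js",
      sources: ["../src/main.ts", "https://storage.example.invalid/src.zip"],
      sourcesContent: ["export const main = () => {};", null],
      mappings: "AAAA",
    }) },
];

const URL_RE = /https?:\/\/[^\s"'\\]+/g;
const MAP_COMMENT_RE = /\/\/[#@]\s*sourceMappingURL=(\S+)/g;

// Returns a list of findings; an empty list means nothing was flagged.
function auditPackedFiles(files) {
  const findings = [];
  for (const { path, content } of files) {
    if (path.endsWith(".map")) {
      // Any map in a production package is a finding on its own.
      findings.push({ path, rule: "map-file-shipped" });
      let map;
      try { map = JSON.parse(content); }
      catch { findings.push({ path, rule: "map-unparseable" }); continue; }
      // sourcesContent carries the original source text verbatim.
      const embedded = (map.sourcesContent || []).filter((s) => typeof s === "string").length;
      if (embedded > 0) findings.push({ path, rule: "embedded-sources", detail: embedded });
      // URLs inside a map can point at storage that holds the real source tree.
      for (const url of content.match(URL_RE) || []) {
        findings.push({ path, rule: "external-url", detail: url });
      }
    } else if (/\.(c|m)?js$/.test(path)) {
      for (const m of content.matchAll(MAP_COMMENT_RE)) {
        const rule = m[1].startsWith("data:") ? "inline-map" : "map-reference";
        findings.push({ path, rule, detail: m[1].slice(0, 60) });
      }
    }
  }
  return findings;
}

// Gate for a prepublish step: true only when nothing was flagged.
function isSafeToPublish(files) {
  return auditPackedFiles(files).length === 0;
}
```

In a pipeline, the file list would come from the packed tarball itself rather than the working tree, so the check sees exactly what would be published.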

The Source Code Exposure

The leaked source code included application logic, internal tooling, configuration schemas, agent orchestration code, and unreleased feature definitions. Researchers identified 44 distinct feature flags for capabilities not yet publicly announced. Notable among these were:
KAIROS: A daemon mode enabling continuous operation without direct user input.
BUDDY: A terminal pet system with 18 species designed to enhance user engagement during coding sessions.
COORDINATOR MODE: A multi-agent architecture allowing parallel task delegation within a single session.
ULTRAPLAN: A remote planning system for complex tasks requiring coordination across multiple agents.

The code also revealed blueprints for an autonomous AI agent and a Tamagotchi-like companion system, sparking significant discussion in developer communities.

Anthropic’s Response

Anthropic initially described the incident as a “release packaging issue caused by human error,” emphasizing that no customer data or credentials were exposed. The company stated the R2 bucket was no longer publicly accessible and claimed the issue had been remediated. However, it did not disclose how long the source map had been included in published versions, whether prior releases were affected, or the specifics of build pipeline changes leading to the error.

The response mirrored its earlier explanation for a separate CMS leak five days earlier, which also attributed the incident to an internal error rather than a security breach. This framing drew criticism from some researchers and journalists, who questioned the distinction between accidental exposure and a systemic vulnerability.

Market Reactions

The leaks triggered significant market volatility. On March 26, 2026, a misconfiguration in Anthropic’s CMS exposed nearly 3,000 unpublished internal assets, including draft documentation about the Claude Mythos model. This incident led to an estimated $400 billion selloff in cybersecurity stocks.

The subsequent source code leak on March 31 further exacerbated market concerns. Cybersecurity equities fell sharply as investors worried about the implications of Anthropic’s advanced AI models being used for malicious purposes. Leaked documents highlighted the potential for models like Claude Mythos to exploit software vulnerabilities faster than current defenses, raising alarms about AI-driven cyber threats.

Implications for Developers

The incident sparked mixed reactions within the developer community. While some expressed concern over Anthropic’s security practices, others viewed the exposure as an opportunity to study how the company builds its AI tools. The leaked code provided unprecedented insight into Claude Code’s architecture, including its agent orchestration strategies and prompt engineering techniques.

The event also intensified debates about the gap between closed-source commercial AI products and the developer ecosystems that rely on them. Anthropic’s decision not to open source Claude Code raised questions about transparency and trust in proprietary AI development.

Broader Security Concerns

The leaks underscored vulnerabilities in cloud storage configurations, particularly with services like Cloudflare R2. The incident highlighted the risks of misconfigured public buckets, which can serve as entry points for attackers. Experts noted that similar issues had been documented before, yet repeated lapses suggest a need for stronger internal security protocols and automated safeguards against accidental exposure.

Conclusion

The Claude Code source code leak represents a critical moment in the evolving landscape of AI development and cybersecurity. While Anthropic framed the incident as an operational error, the broader implications—ranging from market volatility to ethical concerns about AI capabilities—underscore the urgent need for robust security measures and transparency in high-stakes technology environments. As developers and researchers continue to analyze the exposed code, the incident serves as a cautionary tale about the risks of oversight in complex software ecosystems.

Written by

Hue

The girl with pink hair, usually arguing about GPU benchmarks or checking her crypto portfolio between gaming sessions. She writes about PC tech, games, and crypto.
