DEV Community: Tyler

Claude Code Leaked. Here's What It Means for Your Team's Security Policy.

Tyler — Sun, 05 Apr 2026 14:59:56 +0000

In April 2026, Anthropic accidentally published the full source code of Claude Code — roughly 512,000 lines of TypeScript — inside an npm package update. A researcher found it within hours and posted it publicly on GitHub.

If your team uses Claude Code, here's what you need to know — without the technical jargon.

What actually leaked

The short version: Anthropic's own internal code. Not your data.

Anthropic accidentally included a .map file that contained every line of the original source code. Think of it like accidentally shipping your product with all your internal engineering notes printed on the back of the box.

What was exposed:

How Claude Code works internally — the instructions it follows, how it decides what to do
Features your team didn't know existed — including a memory system, multi-agent coordination, and an autonomous permissions mode internally called "YOLO classifier"
Security mechanisms Anthropic built to protect API credentials on your machine

What was NOT exposed:

Your company's code
Your API keys or conversation history
Anthropic's AI models or training data

Why it matters for your security policy

1. Your vendor's operational security is part of your risk

Shipping a source map in a production npm package is a basic release hygiene mistake. The kind a pre-publish checklist or CI check catches automatically.

When you approve an AI tool for your team, you're implicitly trusting the vendor's internal processes. This is a data point about Anthropic's release process maturity.

What to add to your AI tool policy: Ask vendors — have they had prior security incidents? Do they have a disclosed security program? How do they notify customers when something goes wrong?

2. There are features in the tool your team didn't approve

The leaked code reveals production-ready features hidden behind feature flags — not visible, but running on your developers' machines:

An autonomous permissions mode that makes decisions without asking the user
A memory system that persists information across sessions
Multi-agent coordination

Your AI acceptable use policy was written against features you knew about. If these get enabled quietly in a future update, your policy doesn't cover them.

What to add: Review AI tools quarterly for new default features. Add a clause requiring vendor notification before significant new capabilities are activated.

3. You need a process for third-party AI tool incidents

Most small teams don't have this. When a tool your team uses has a security incident — even one that doesn't affect your data — you need to be able to answer quickly:

Does this change our threat model?
Do we need to rotate credentials?
Do we need to notify clients?

For this incident, the answer is mostly "no immediate action, but monitor." But having the process matters.

What to do right now (30 minutes)

If your team uses Claude Code:

Rotate your Anthropic API keys — 5 minutes in the Anthropic console. Not strictly required, but good practice after any vendor incident.
Check audit logs — do you have a record of what Claude Code accessed and when?
Brief your tech lead — make sure they've reviewed Anthropic's official response.

If your team uses other AI coding tools (Cursor, Copilot, etc.):

Use this as a trigger to run the same questions for every AI tool. I built a checklist for exactly this: CEO AI Tool Approval Checklist

The broader lesson

AI tools are software. Software vendors make operational mistakes.

The question isn't "is this AI tool perfectly secure?" — nothing is. The question is: do you have enough visibility and process to respond when something goes wrong?

The Claude Code leak is a low-severity incident with a high-visibility lesson.

How does your team handle third-party AI tool incidents? Do you have a process, or would this have caught you off guard?

CEO Checklist: 10 Questions Before Approving Cursor, ChatGPT, or Claude for Your Team

Tyler — Sun, 05 Apr 2026 12:58:19 +0000

I'm a PM. My CEO kept asking: "Are these AI tools actually safe?"

I didn't have a good answer. So I went and built one.

Here's what I found — and what most startups get wrong.

The core problem

Most teams adopt AI coding tools like this:

Dev asks "can I use Cursor?"
CEO Googles it briefly
CEO says yes

No one checks training defaults. No one verifies whether source code leaves the environment. No one sets up audit logs.

Then something goes wrong and there's no paper trail.

10 questions to run before you approve any AI tool

1. Is this tool training on our code?

Tool	Default	How to opt out
Cursor Personal	ON	Upgrade to Business
ChatGPT Free/Plus	ON	Settings → Data Controls → toggle off
Claude API / Team	OFF	Already off
Notion AI	OFF	Per policy

Action: Verify each tool. Screenshot the setting. Save it in a doc.

2. Does source code leave our environment?

Cursor and Copilot send code context to servers on every completion. That's how they work — there's no offline mode.

ChatGPT: only if your dev manually pastes code into the chat.

This matters even if training is OFF. If the vendor gets breached, your code is exposed.

3. How long is data retained?

Cursor: ~30 days, deletion available on request
ChatGPT: until you delete the conversation
Claude API: not retained after the request completes

If you can't find "Data Retention" in their Privacy Policy in 5 minutes — that's a red flag.

4. If there's a breach, how fast do they notify you?

90% of CEOs never ask this. GDPR requires 72 hours — but only if you're in scope.

Search "incident notification" in their Terms of Service. No clause = no contractual obligation to tell you anything.

5. Are your devs using personal accounts for work?

Personal ChatGPT free = training ON, no audit logs, no way to revoke access when they leave.

This is the most common problem. Most teams have it and don't know.

Fix: Mandate company plans. No personal accounts for work AI tools.

6. Do you have audit logs?

Personal/Free plans: No logs
Team/Business plans: Basic logs
Enterprise plans: Full logs

No logs = no way to reconstruct what happened during an incident.

7. Can you delete your data if you leave?

Test this before committing. Create an account → use it → request deletion → see if they confirm clearly.

Some vendors confirm in days. Others are vague. If you can't get written confirmation — assume the data stays forever.

8. Do they have SOC 2?

Cursor: Yes (SOC 2 Type II)
ChatGPT / OpenAI: Yes
Claude / Anthropic: Yes
Notion: Yes

No certification = you're trusting their self-assessment, not an external audit. Not automatically a dealbreaker — but you should know.

9. Who owns the AI-generated output?

Cursor, ChatGPT, Claude: you own the output per current Terms of Service.

Unresolved edge case: if two companies generate nearly identical code from the same prompt — who owns it? No clear case law yet.

10. Does your team know any of this?

The best policy is useless if only the CEO has read it.

Fix: 30-minute team briefing. One doc listing approved tools, prohibited tools, and required account type. Add it to your onboarding checklist.

What to document after the checklist

For each approved tool, record:

Tool name
Plan/tier (Personal, Team, Business, Enterprise)
Whether training is OFF
Whether audit logs are available
Date last reviewed

Keep this in a shared doc and review every 6 months or when a vendor changes their policy.

Full version with FAQ and more detail: aipolicydesk.com/blog/ceo-ai-tool-approval-checklist

How does your team handle AI tool approvals? Is there a process, or is it mostly "dev asks, CEO says yes"?