In April 2026, Anthropic accidentally published the full source code of Claude Code — roughly 512,000 lines of TypeScript — inside an npm package update. A researcher found it within hours and posted it publicly on GitHub.
If your team uses Claude Code, here's what you need to know — without the technical jargon.
What actually leaked
The short version: Anthropic's own internal code. Not your data.
Anthropic accidentally included a .map file that contained every line of the original source code. Think of it like accidentally shipping your product with all your internal engineering notes printed on the back of the box.
What was exposed:
- How Claude Code works internally — the instructions it follows, how it decides what to do
- Features your team didn't know existed — including a memory system, multi-agent coordination, and an autonomous permissions mode internally called "YOLO classifier"
- Security mechanisms Anthropic built to protect API credentials on your machine
What was NOT exposed:
- Your company's code
- Your API keys or conversation history
- Anthropic's AI models or training data
Why it matters for your security policy
1. Your vendor's operational security is part of your risk
Shipping a source map in a production npm package is a basic release hygiene mistake. The kind a pre-publish checklist or CI check catches automatically.
When you approve an AI tool for your team, you're implicitly trusting the vendor's internal processes. This is a data point about Anthropic's release process maturity.
What to add to your AI tool policy: Ask vendors — have they had prior security incidents? Do they have a disclosed security program? How do they notify customers when something goes wrong?
2. There are features in the tool your team didn't approve
The leaked code reveals production-ready features hidden behind feature flags — not visible, but running on your developers' machines:
- An autonomous permissions mode that makes decisions without asking the user
- A memory system that persists information across sessions
- Multi-agent coordination
Your AI acceptable use policy was written against features you knew about. If these get enabled quietly in a future update, your policy doesn't cover them.
What to add: Review AI tools quarterly for new default features. Add a clause requiring vendor notification before significant new capabilities are activated.
3. You need a process for third-party AI tool incidents
Most small teams don't have this. When a tool your team uses has a security incident — even one that doesn't affect your data — you need to be able to answer quickly:
- Does this change our threat model?
- Do we need to rotate credentials?
- Do we need to notify clients?
For this incident, the answer is mostly "no immediate action, but monitor." But having the process matters.
What to do right now (30 minutes)
If your team uses Claude Code:
- Rotate your Anthropic API keys — 5 minutes in the Anthropic console. Not strictly required, but good practice after any vendor incident.
- Check audit logs — do you have a record of what Claude Code accessed and when?
- Brief your tech lead — make sure they've reviewed Anthropic's official response.
If your team uses other AI coding tools (Cursor, Copilot, etc.):
Use this as a trigger to run the same questions for every AI tool. I built a checklist for exactly this: CEO AI Tool Approval Checklist
The broader lesson
AI tools are software. Software vendors make operational mistakes.
The question isn't "is this AI tool perfectly secure?" — nothing is. The question is: do you have enough visibility and process to respond when something goes wrong?
The Claude Code leak is a low-severity incident with a high-visibility lesson.
How does your team handle third-party AI tool incidents? Do you have a process, or would this have caught you off guard?
Top comments (0)