Anthropic accidentally leaks Claude Code source in packaging error

TL;DR: Anthropic exposed nearly 2,000 internal files and 500,000 lines of code from its Claude Code assistant through a mistaken software update. The company says no customer data was involved, but it marks the second leak in recent weeks — raising questions about internal security at the AI safety firm.

A routine software update for Anthropic’s Claude Code tool went wrong on Tuesday when an internal-use file accidentally included a link to an archive containing the assistant’s source code. Developers quickly copied the files to GitHub, and a post sharing the leaked code amassed more than 29 million views on X.

What was exposed

The leaked archive contained around 2,000 files related to Claude Code’s internal architecture. Within the code, developers found references to an always-on AI agent and a Tamagotchi-style coding companion. Anthropic stressed that no customer data or credentials were exposed, describing the incident as “a release packaging issue caused by human error, not a security breach.”

A rewritten version of the source code became GitHub’s fastest-ever downloaded repository before Anthropic issued copyright takedown requests to contain the spread. Notably, parts of Claude Code’s internals were already semi-public — independent developers had reverse-engineered earlier versions, and a previous exposure occurred in February 2025.

Second leak raises broader concerns

This is not an isolated incident. Fortune previously reported a separate breach involving thousands of internal files stored on publicly accessible systems, including references to unreleased models codenamed “Mythos” and “Capybara.” For a company that has built its brand around AI safety and responsible development, repeated security lapses create a credibility problem.

The leaks also carry competitive implications. Reports suggest the exposed code included commercially sensitive details about how Anthropic configures its models to function as coding agents — information that rivals like OpenAI and Google could find useful.

Looking forward

The timing adds further pressure. The US government recently designated Anthropic as a supply chain risk, a characterisation the company is contesting in court. Whether these incidents reflect systemic security weaknesses or isolated human errors, Anthropic will need to demonstrate tighter controls to maintain trust with enterprise customers and regulators alike.