A major security breach occurred at Anthropic when its internal error led to the leak of over 512,000 lines of code for its popular AI-powered tool, Claude Code. The leak includes nearly 2,000 TypeScript files and has already been shared with competitors and enthusiasts.
The mistake was discovered when Anthropic released a new version of Claude Code’s npm package, which included an unsecured source map file that granted access to the entire codebase. Security researcher Chaofan Shou quickly identified the issue on X and shared it publicly.
Despite no sensitive customer data being exposed, Anthropic acknowledged the error in a statement, calling it a “release packaging issue caused by human error” rather than a security breach. The company has rolled out measures to prevent similar incidents in the future.
As developers begin analyzing the leaked code, insights into Claude Code’s memory architecture and other aspects of its functionality have already emerged. This incident highlights the importance of attention to detail in software development and the potential risks associated with human error in the tech industry.
Source: https://arstechnica.com/ai/2026/03/entire-claude-code-cli-source-code-leaks-thanks-to-exposed-map-file