Anthropic's Tumultuous Week: Model Leaks, Source Code Exposure, and Botched GitHub Takedown

Anthropic has recently experienced a series of significant security incidents. Following a Fortune report last week on the accidental leak of their upcoming "Mythos" AI model, the company faced another major exposure. Security researcher Chaofan Shou discovered that Anthropic had inadvertently shipped version 2.1.88 of Claude Code with a 59.8MB source map file attached to its npm package. This oversight effectively provided an exhaustive view into the entire codebase.

The situation escalated when Anthropic initiated a takedown request under U.S. digital copyright law, targeting GitHub repositories containing the leaked code. This action, however, inadvertently led to the removal of over 8,000 repositories, far exceeding the company's stated intent, according to a spokesperson. While Anthropic has since retracted the broader takedown notices, this incident further compounded their operational challenges.

Taken together, these events have exposed critical internal systems and created new security risks whose long-term implications the AI community is still weighing.

The exposure of 512,000 lines of Claude Code's source code provides an unprecedented look into its full architecture. Dr. Zahra Timsah, co-founder and CEO of i-GENTIC AI and a contributor to global AI governance, emphasized that this goes beyond a mere leak. She stated that it constitutes "a structural exposure of how the system thinks and enforces boundaries," revealing "system prompts, orchestration logic, and hidden flags," effectively demystifying what was previously a black box.

In addition to the codebase exposure, an unsecured and publicly accessible data store also revealed details about Anthropic's new "Claude Mythos" model. An Anthropic spokesperson confirmed to Fortune that this model is "the most capable we’ve built to date," marking "a step change" in AI performance.

The same data store also contained information about a new tier of AI models named "Capybara." According to Anthropic's internal documentation, Capybara models are described as "larger and more intelligent than our Opus models," which were previously their most powerful offerings.

While Anthropic promptly secured the data store after being alerted by Fortune, the prior exposure of Claude Code’s full architecture raises significant questions regarding future security. The leaked source code specifically details Claude Code’s "exact permission-enforcement logic," "hook-orchestration paths," and "trust boundaries" crucial for execution decisions, material that could reveal weaknesses in those controls and weaken its security posture.