Anthropic Source Code Leak

Anthropic PBC inadvertently exposed internal source code related to its Claude Code artificial intelligence coding assistant. The accidental release has prompted questions about the security practices of the company, which has prioritized safety in its AI development.

Details of the Exposure

According to a statement released by Anthropic on Tuesday, the exposure involved approximately 1,900 files and 512,000 lines of code. “Earlier today, a Claude Code release included some internal source code. No sensitive customer data or credentials were involved or exposed,” the company stated. Anthropic attributed the incident to a “release packaging issue caused by human error, not a security breach.”

Second Security Incident

This marks Anthropic’s second security issue in recent days. Last week, Fortune reported that the company had stored thousands of internal files, including a draft blog post detailing upcoming models (“Mythos” and “Capybara”), on a publicly accessible system.

Security Concerns Raised

The leak quickly gained attention on social media platform X, with a post sharing a link to the code receiving over 30 million views. Experts have expressed concerns about potential security vulnerabilities.

Potential Exploitation

AI cybersecurity firm Straiker warned that attackers could analyze the exposed code to identify weaknesses. “Attackers can now study and fuzz exactly how data flows through Claude Code’s four-stage context management pipeline and craft payloads designed to survive compaction, effectively persisting a backdoor across an arbitrarily long session,” Straiker noted in a blog post.

Timing and Context

The exposure comes at a critical time for Anthropic. The US government recently designated the company as a supply chain risk, a designation Anthropic is currently contesting in court. The company has warned that this labeling could result in billions of dollars in lost revenue.

Recent Funding and Market Impact

In February, Anthropic secured $30 billion in funding, valuing the company at $380 billion. The release of its products that same month caused significant market disruption, impacting shares of various companies, including those in legal services, software, and cybersecurity.