Anthropic's Claude Code Exposes Its Blueprint in npm Packaging Mishap

Anthropic confirmed on Tuesday that a human error during a software release exposed the internal source code for its Claude Code AI assistant. The company stated no customer data or credentials were involved, characterizing the event as a packaging mistake rather than a security intrusion. The exposed code, made available in a version 2.1.88 npm package, included a source map file granting access to nearly 2,000 TypeScript files.
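A pre-publish check for the packaging failure described above, added here as an example and not taken from Anthropic's or npm's code: it flags any source map in a package's file list whose `sourcesContent` field (the Source Map v3 field that embeds the original files) carries real source text, whether the map ships as a separate `.map` file or inline in a bundle. The `{ path, text }` listing format, the function names and the sample files are assumptions made for the example.

```javascript
// Added example: flag source maps that would ship original sources in an npm package.
// `files` is a hypothetical in-memory listing, [{ path, text }], of the tarball's contents.
const MAP_COMMENT = /\/\/[#@]\s*sourceMappingURL=(\S+)\s*$/m;
function inspectMap(path, jsonText) {
  let map;
  try { map = JSON.parse(jsonText); } catch { return { path, issue: "unparseable-map" }; }
  // Index maps nest regular maps under sections[].map; flatten them.
  const maps = Array.isArray(map.sections) ? map.sections.map((s) => s.map).filter(Boolean) : [map];
  let embedded = 0, referenced = 0;
  for (const m of maps) {
    referenced += (m.sources || []).length;
    embedded += (m.sourcesContent || []).filter((c) => typeof c === "string").length;
  }
  if (embedded > 0) return { path, issue: "embedded-sources", embedded, referenced };
  if (referenced > 0) return { path, issue: "source-paths-only", embedded, referenced };
  return null;
}

function auditPackageFiles(files) {
  const findings = [];
  for (const { path, text } of files) {
    if (path.endsWith(".map")) {
      const f = inspectMap(path, text);
      if (f) findings.push(f);
      continue;
    }
    if (!/\.(c|m)?js$/.test(path)) continue;
    const m = MAP_COMMENT.exec(text);
    if (!m) continue;
    // An inline map is a base64 data: URI in the trailing comment of the bundle itself.
    const inline = /^data:application\/json[^,]*;base64,(.+)$/.exec(m[1]);
    if (inline) {
      const f = inspectMap(path + " (inline map)", Buffer.from(inline[1], "base64").toString("utf8"));
      if (f) findings.push(f);
    }
  }
  return findings;
}

// Constructed sample: a bundle, its external map with embedded TypeScript, and a README.
const sampleMap = JSON.stringify({
  version: 3, file: "cli.js", sources: ["../src/main.ts", "../src/agent.ts"],
  sourcesContent: ["export const a = 1;", "export const b = 2;"], mappings: "AAAA",
});
const sample = [
  { path: "package/cli.js", text: "console.log(1);\n//# sourceMappingURL=cli.js.map\n" },
  { path: "package/cli.js.map", text: sampleMap },
  { path: "package/README.md", text: "docs" },
];
console.log(auditPackageFiles(sample));
```

In a release pipeline the listing would come from the files reported by `npm pack --dry-run --json`, with the job failing on any `embedded-sources` finding.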

The codebase, first flagged by researcher Chaofan Shou, quickly spread across the internet, amassing significant attention on social media and GitHub. For developers and competitors, the leak acts as a detailed technical schematic, revealing how Anthropic constructed the tool. Examinations have uncovered its architecture for managing memory constraints, a multi-agent system for complex tasks, and a background operation mode named KAIROS that allows for proactive error correction.

Notable discoveries include an 'Undercover Mode' designed for discreet contributions to public code repositories and defensive measures intended to sabotage attempts to copy Claude's capabilities. The exposure, however, introduces tangible risks. Security analysts warn that understanding the code's internal data flow could lead to more effective methods of bypassing its safeguards.

A separate, immediate threat emerged from a compromised dependency within the same npm release window, potentially installing malicious software. Users who updated the package on March 31 are urged to downgrade and rotate credentials. Furthermore, attackers have begun registering typosquatted package names, hoping to exploit developers attempting to work with the leaked source.

The incident marks the second time in a week that Anthropic has faced an unintended disclosure, following a separate episode where details of an unreleased AI model were left accessible online.

Source: The Hacker News