The Claude Code Source Leak
(mods: I assume this is blowing up twitter and so discussing it here won’t do additional damage—and there are already a thousand github forks—but I am not actually on twitter, which is why I’m opening discussion here. It’s possible I’m missing something. Feel free to nuke this if so.)
For those that hadn’t heard yet, last night Anthropic appears to have accidentally published a Claude Code update with extractable source code in it. This seems important, but I’m not sure how much so, and I didn’t see an existing discussion here.
My understanding—and hopefully someone will correct me if I’m wrong —is that the actually dangerous part of Claude is the weights, and those were not leaked. So the leak may be embarrassing, it may cost Anthropic some competitive advantage, but it’s not dangerous.
It’s also my understanding that Anthropic has historically been relatively leak-free, until a certain memo leaked a few weeks ago during the DoW incident. Supposedly twice is still coincidence, not enemy action, but it does feel like a questionable coincidence and I wonder if the same person is responsible for both leaks. I don’t know enough about npm packaging to guess how easy it would be to do by mistake. Alternate hypotheses: Human error updating the build tools? AI-written build scripts that somebody was a little too lax reviewing? That last seems more than plausible, come to think of it.
The most questionable thing in the actual codebase I’ve heard mentioned is a stubbed-out feature for “undercover mode” to suppress its self-identification in commit messages (but all that says is that they considered it at some point, maybe as a competitive concession to Codex doing the same thing by default? Unclear). There’s been a few other things too. I haven’t dug into the code myself so I don’t know how seriously to take any of them.
I came here to see if there was any discussion of the situation, didn’t see one, was disappointed, and decided to fix that. Soliciting information from anyone who knows more than me.
[edit:] Takedown notices have gone out, unsurprisingly. At least some (well, at least one) appear to have misidentified forks of CC’s issue-tracker repo as forks of the offending leak. I don’t care enough to object to the one I received, but if anyone from Anthropic sees this, you may want to either debug something or notify github, depending on who’s IDing instances.
honestly, claude code is sufficient good at analyzing compiled assembly that i just sort of assumed people had used claude code to decompile claude code before, and that there were probably discords and irc channels full of people hacking it (in the old sense of the word)
of course, an actual source tree is way better than the results of a decompilation project, but still. i think the importance of this is probably a bit overblown
The main thing I’d expect to get out of source vs. decompilation is the comments. Decompilation can tell you what the code does, but not what the author was thinking when they wrote it.
I agree that it’s suspicious as hell. This one also happened while Dario Amodei was outside the US, doing a deal with the Australian government.
Actually, these are two separate leaks located very closely to each other (so counting the DoW memo leak this makes it three leaks).
There has been a leak of about 3000 unpublished reports internal assets including the info about “Mythos” model testing, and this new separate leak of Claude Code source.
So something does seem to be wrong (might be just too much strain on people, but could be “enemy action” as well).
This seems important, do you have a source for this news?
I think the canonical source has been https://fortune.com/2026/03/26/anthropic-says-testing-mythos-powerful-new-ai-model-after-data-leak-reveals-its-existence-step-change-in-capabilities/
But if one types
anthropic mythos
into Google, one sees plenty.
Ah, hmm, I was aware of these articles, I had hoped there was a bit more to it that I had missed. Thanks for your help.
It is likely a coincidence. Bun, which is a JavaScript runtime that Anthropic purchased recently, currently has a similar open issue on their Github page. While Jarred Sumner, the creator of Bun, has clarified that this is not the reason for the leak, this open issue shows how easy it is to leak files while packaging. Claude Code is built (vibe coded) almost fully by using Claude Code, so it’s possible it made a configuration mistake which led to the leak. It’s not like there haven’t been configuration mistakes that led to worse consequences in the past.
The leak itself is not too big of a deal—there aren’t some secret techniques used in the creation of Claude Code. There were, however, some surprising feature leaks. Like the tamagochi-like feature they planned to ship called Buddy. Another surprising thing was that they used an old-school regular expression to classify sentiment—looking for profanity keywords. This is surprising, because common wisdom would tell you that they could have just used the LLM to classify sentiment. Whether this was a deliberate choice or just a result of excessive vibe coding, it’s harder to tell.
I think claude code is mostly a play thing for them and they pay 0 attention to it.