Anthropic's Claude Code Source Leaked: A Paradoxical Blow to Closed-Source AI and Safety Claims

Fireship
#anthropic #claude #source-code-leak #ai-safety #bunjs

On April 1st, 2026, Anthropic, a prominent AI startup known for its safety-first philosophy and advocacy for closed-source development, experienced a significant security incident: the accidental leakage of Claude Code’s entire source code. The breach, which occurred at approximately 4:00 a.m. PT, saw version 2.1.88 of the Claude Code MPM package shipped with an unstripped 57 MB source map file containing over 500,000 lines of TypeScript. Security researcher Chiao Fan Sha quickly identified the anomaly. Despite Anthropic’s legal team issuing DMCA takedowns, the code rapidly propagated across the internet, leading to community-driven initiatives like “Claw Code,” a Python rewrite using OpenAI Codex, and “OpenClaw,” a model-agnostic implementation. The likely culprit identified is Bun.js, Anthropic’s recently acquired JavaScript runtime, which had a known GitHub issue regarding the serving of source maps in production.

Analysis of the leaked codebase has provided unprecedented insights into Claude’s internal workings. Key revelations include its reliance on Axios, a package reportedly compromised by North Korean hackers, and the architectural design of Claude Code as a “dynamic prompt sandwich” with an 11-step input-to-output process, challenging notions of arcane AI magic. The code also exposes extensive hard-coded guardrails and “anti-distillation poison pills” designed to mislead rival models attempting to mimic Claude’s outputs, such as referencing non-existent tools. Furthermore, an “undercover mode” instructs Claude to avoid self-identification in outputs, raising speculation about its potential use in covertly contributing to open-source projects. Other findings include a regex-based “frustration detector” and numerous unreleased features like “Buddy” (a customizable AI companion), “Opus 4.7,” “Capiara” (a teased Mythos model), “Ultra Plan,” “Coordinator Mode,” “Demon Mode,” and “Chyus” – a background agent that maintains a daily journal. This extensive exposure of core logic, development roadmap, and potential security vulnerabilities presents a substantial setback for Anthropic, particularly as it navigates a potential IPO.