
Anthropic repeats mistake, exposes Claude Code source in latest release


Second leak in a year raises concerns over software release discipline as AI tools see wider enterprise adoption.

Anthropic has once again exposed the source code of its AI coding tool, Claude Code, in a fresh release, marking the second such incident in a year and raising questions about software release controls at a time when AI tools are seeing rapid enterprise adoption.


The issue was identified on March 31 by security researcher Chaofan Shou, who found that the latest version of the tool contained a file that allowed users to reconstruct the complete underlying source code, according to DEV Community.



PACKAGING ERROR LEADS TO FULL CODE EXPOSURE


The exposure stemmed from a source map file inadvertently included in the public package on npm, a widely used platform for distributing software libraries.


Source maps are typically used during development to link compiled code back to its original human-readable form. However, when included in production releases, they can effectively reveal proprietary code.


In this case, the file enabled access to 1,906 internal source files, including elements of API design, telemetry systems, encryption tools and internal communication protocols, according to BlockBeats.


While the incident was not the result of a cyberattack, experts note that such basic packaging errors should not occur in finished software products, particularly those used in professional environments.
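As an added illustration of the source map risk described above (not code from Anthropic or from the reports cited here), the following release check flags source maps in a package's file list before it is published. The input shape, function names and sample files are assumptions constructed for this example.

```javascript
// Added example: pre-publish gate that flags source-map exposure in a package.
// Input shape ({ path, content }) and all function names are assumptions.
const MAP_URL_RE = /\/\/[#@]\s*sourceMappingURL=(\S+)/g;

// Summarise what a source map (JSON text) would disclose if shipped.
function describeMap(jsonText) {
  try {
    const map = JSON.parse(jsonText);
    const sources = Array.isArray(map.sources) ? map.sources.length : 0;
    // sourcesContent holds the original files verbatim: full source recovery.
    const embedded = Array.isArray(map.sourcesContent)
      ? map.sourcesContent.filter((s) => typeof s === "string").length
      : 0;
    return { sources, embedded };
  } catch {
    return { sources: 0, embedded: 0, unparseable: true };
  }
}

function findSourceMapExposure(files) {
  const findings = [];
  for (const { path, content } of files) {
    if (path.endsWith(".map")) {
      findings.push({ path, kind: "map-file", ...describeMap(content) });
    } else if (/\.[cm]?js$/.test(path)) {
      for (const [, url] of content.matchAll(MAP_URL_RE)) {
        // A data: URI means the whole map is embedded in the shipped bundle.
        const inline = /^data:application\/json[^,]*;base64,(.*)$/.exec(url);
        if (inline) {
          const json = Buffer.from(inline[1], "base64").toString("utf8");
          findings.push({ path, kind: "inline-map", ...describeMap(json) });
        } else {
          findings.push({ path, kind: "map-reference", target: url });
        }
      }
    }
  }
  return findings;
}

// Constructed sample: the file list a packed tarball might contain.
const mapJson = JSON.stringify({ version: 3, sources: ["../src/a.ts", "../src/b.ts"],
  sourcesContent: ["export const a = 1;", "export const b = 2;"], mappings: "" });
const SAMPLE = [
  { path: "cli.js", content: "run();\n//# sourceMappingURL=cli.js.map\n" },
  { path: "cli.js.map", content: mapJson },
  { path: "lib/util.js", content: "u();\n//# sourceMappingURL=data:application/json;base64," +
      Buffer.from(mapJson).toString("base64") + "\n" },
  { path: "README.md", content: "docs mentioning sourceMappingURL=x.map" },
];
```

In a release pipeline the file list would come from the packed artifact itself, for example the files reported by `npm pack --dry-run`, and any finding would fail the build.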



SECOND INCIDENT IN A YEAR


The latest leak mirrors a similar issue reported in February 2025, when an earlier version of Claude Code exposed its source code due to the same oversight, according to Odaily.


Anthropic had removed the affected version at the time, but the recurrence suggests gaps in release validation processes.


The newly exposed code was quickly archived on public repositories, attracting significant developer attention within hours of discovery, further amplifying its visibility.



LIMITED USER RISK, BUT STRATEGIC CONCERNS


Initial assessments indicate that the leak does not involve user data or model weights.


According to BlockBeats, the exposure is limited to the client-side implementation of the Claude Code tool, meaning there is no direct risk to user conversations or personal data.


However, the incident does expose internal system design and security architecture, which could create longer-term risks, including potential exploitation of vulnerabilities or replication of proprietary systems.
