What Happened
On March 31, 2026, Anthropic accidentally published the full source code for Claude Code as part of a routine update to NPM, the package registry developers use to download software. A debugging file that was meant to be excluded from the public release was included by mistake. That file pointed to a zip archive on Anthropic's cloud storage containing the complete Claude Code source code.
A security researcher discovered the exposure within hours. By the time Anthropic responded, copies of the code were already being mirrored across GitHub and developer forums. The archive contained roughly 500,000 lines of code across about 1,900 files.
Anthropic confirmed the leak and stated it was a packaging error caused by human error, not a security breach. No customer data or credentials were exposed.
What Was in the Code
The leaked source code revealed the internal workings of Claude Code, one of Anthropic's most important products. Claude Code's run-rate revenue had reportedly reached over $2.5 billion as of early 2026, making it Anthropic's fastest-growing product.
The code showed how Claude Code manages multi-step tasks, coordinates between different tools (file system, terminal, browser), handles context across long sessions, and integrates with the underlying Claude models. This is the operational blueprint for building a production-grade AI coding agent.
More notable were references to unreleased features and an upcoming model. Feature flags in the code suggested capabilities that Anthropic has built but not yet shipped, including session review (where Claude studies its own past sessions to improve), cross-conversation memory, and multi-agent collaboration.
The code also contained references to a model codenamed both "Capybara" and "Mythos," described internally as a new tier more capable than Opus. This came days after a separate accidental exposure of a draft blog post describing the same model.
Anthropic's Response
Anthropic issued thousands of copyright takedown requests on GitHub, initially removing over 8,000 repositories. The company later acknowledged the takedowns swept too broadly, affecting some unrelated projects including Anthropic's own public code. The scope was subsequently scaled back.
Anthropic's chief commercial officer attributed the leak to process errors related to the company's rapid release cycle for Claude Code. The company stated that normal release safeguards were not bypassed and that measures were being implemented to prevent recurrence.
What This Means for Users
For Claude Code users, the practical impact is minimal. The leak did not expose any user data, API keys, or security vulnerabilities that would affect how you use the tool. Claude Code continues to work as before.
The broader concern is about Anthropic's operational security. This was the second accidental data exposure in a single week, following the earlier leak of a draft blog post about the Capybara model. For a company that has built its brand on being the safety-focused AI lab, two exposures in quick succession raises questions about internal processes.
What It Reveals About Claude's Roadmap
For users and the industry, the most interesting aspect of the leak is the window into Anthropic's product direction. The unreleased features suggest that Anthropic is building toward longer autonomous tasks, deeper memory and context persistence across sessions, and multi-agent systems where multiple Claude instances collaborate on complex tasks.
The Capybara/Mythos model references suggest a new, more capable model tier beyond Opus is in development. Based on the leaked information, this model would be Anthropic's most powerful offering yet, potentially with a larger context window and enhanced capabilities.
None of this is confirmed by Anthropic as a shipping product roadmap. Feature flags exist for features that may never ship. Internal codenames change. But the direction of investment is clear: Anthropic is building toward AI that can handle longer, more complex, more autonomous work.
The Bigger Picture
The Claude Code source leak is a notable event in the AI industry for several reasons.
It gives competitors a detailed engineering education on how to build a production AI coding agent. Companies like OpenAI, Google, and others building competing products can study Anthropic's architecture decisions without the R&D investment.
It highlights the tension between rapid product development and operational security. Anthropic ships Claude Code updates frequently, which is good for users but creates more opportunities for packaging errors.
And it underscores that even the companies building the most advanced AI systems in the world are still run by humans who make human mistakes. The leak was not a sophisticated hack or an insider threat. It was someone including a file that should have been excluded. The simplest errors can have the biggest consequences.