Anthropic has confirmed that internal code for its AI coding assistant, Claude Code, was accidentally leaked due to a packaging error.
A spokesperson from Anthropic stated that no sensitive customer data was exposed and emphasized that this was not a security breach.
The issue arose with version 2.1.88 of the Claude Code npm package, which inadvertently included a source map file revealing nearly 2,000 TypeScript files and over 512,000 lines of code.
The leak has significant implications, providing developers and competitors with insights into Claude Code’s architecture, including its self-healing memory and multi-agent orchestration capabilities.
Notably, features like KAIROS enable Claude Code to function autonomously, performing tasks without human input.
Security experts warn that the exposed code could empower malicious actors to bypass system safeguards, potentially allowing them to execute harmful commands.
Additionally, users who updated the package during a specific timeframe might have downloaded a compromised version containing a remote access trojan.
In response to the leak, attackers have begun typo-squatting npm package names to exploit users attempting to compile the code.
Anthropic has reserved these names to prevent malicious uploads, although the threat remains substantial.
The incident underscores ongoing vulnerabilities at Anthropic, following another recent blunder where internal data was unintentionally made accessible.
As the cybersecurity landscape evolves, the company faces increasing scrutiny regarding its data protection practices.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
