What happened
Anthropic accidentally exposed sensitive details of its Claude Code tool on March 31, 2026. Version 2.1.88 of the @anthropic-<a href="/news/2026/3/23/13/ai-cuts-trader-research-time" class="text-primary hover:underline">ai</a>/<a href="/news/2026/2/24/7/ai-models-challenge-academic-output" class="text-primary hover:underline">claude</a>-code npm package included a 59.8 MB JavaScript source map file. This file exposed key internal parts of the platform, allowing public access to approximately 512,000 lines of TypeScript code, including internal model names like Capybara and Fennec, and performance data. Developers mirrored the codebase on GitHub within hours. Anthropic attributed the incident to human error during the release process, not a cyberattack, confirming no sensitive customer data or credentials were exposed.
Why it matters
Rival developers gain a significant advantage, reducing research and development costs for similar AI tools by accessing Anthropic's internal system design, agent architecture, and unreleased features. This incident raises questions about operational security for a company positioning itself on AI safety. For security architects, the exposure of data flow mechanisms allows for crafting targeted payloads. Users must uninstall version 2.1.88 and switch to native installers to mitigate local system vulnerabilities.
Subscribe for Weekly Updates
Stay ahead with our weekly AI and tech briefings, delivered every Tuesday.
