Anthropic accidentally released 512,000 lines of Claude Code software's secret source code through a debug file during a normal npm update on March 31.
The leak revealed the entire company's flagship product artificial intelligence coding program architecture. This tool is estimated to generate $2.5 billion in recurring revenue annually.
The second break in five days raises IPO questions
Security researcher Chaofan Shou noticed the public source map file for Claude Code version 2.1.88 and published the download link on X (Twitter).
The codebase spread to GitHub in a matter of hours, spawning tens of thousands of forks before Anthropics' DMCA takedowns took effect.
In light of the case, just five days earlier, a separate CMS settings error had already revealed about 3,000 internal files, including information on the unpublished “Mythos” model.
Two unintended leaks in one week raise operational questions for a company valued at 350 billion dollars that is reportedly considering going public in the last quarter of 2026.
The code is now permanent
Korean-Canadian developer Sigrid Jin, noted by the Wall Street Journal for using 25 billion Claude Code tokens last year, made a complete rewrite in Python before dawn.
His repository, claw-code, gathered 50,000 stars on GitHub within two hours of release.
Leaked files revealed an internal feature called “Undercover Mode,” developed specifically to prevent the leakage of Claude's Anthropic secrets.
The code also contained 44 feature flags, an unpublished background process named KAIROS, and internal model codenames, including “Capybara” for Claude version 4.6.
Anthropic confirmed the leak to several media outlets and called it a packaging error caused by human error. Enterprise customers, who account for 80% of Claude Code's revenue, now have to use a tool whose security logic and rights bypass methods are freely available online.