Anthropic accidentally leaks Claude Code
2026-3-31 22:23:49 Author: securityaffairs.com

Anthropic accidentally exposed Claude Code source via npm, causing the code to quickly spread online after discovery.

Anthropic accidentally leaked the source code of its Claude Code tool after a large debug file was included in a public npm release. The file exposed over 500,000 lines of code, which were quickly discovered, shared, and analyzed by developers after being flagged online.

“Earlier today, a Claude Code release included some internal source code. No sensitive customer data or credentials were involved or exposed. This was a release packaging issue caused by human error, not a security breach. We’re rolling out measures to prevent this from happening again,” an Anthropic spokesperson told VentureBeat.
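The statement above attributes the leak to a release packaging error. As an added example (not Anthropic's tooling and not code from the article), one way to gate a publish is to audit the file list that `npm pack --dry-run --json` reports before release; the package name, paths, sizes and policy below are constructed assumptions.

```javascript
// Added example: pre-publish gate over the manifest printed by
// `npm pack --dry-run --json`. The policy values are assumptions for illustration.
const POLICY = {
  allowedPrefixes: ["dist/", "bin/"],                 // assumed build output dirs
  allowedFiles: ["package.json", "README.md", "LICENSE"],
  deniedPatterns: [/\.map$/i, /(^|\/)src\//, /(^|\/)\.env(\..*)?$/i],
  maxFileBytes: 5 * 1024 * 1024,                      // per-file size budget
};

// Returns one finding per violated rule, so a single file can appear twice.
function auditPack(packJson, policy = POLICY) {
  const findings = [];
  for (const pkg of JSON.parse(packJson)) {
    for (const { path, size } of pkg.files) {
      const allowed =
        policy.allowedFiles.includes(path) ||
        policy.allowedPrefixes.some((prefix) => path.startsWith(prefix));
      if (!allowed) findings.push({ path, reason: "outside allowlist" });
      if (policy.deniedPatterns.some((re) => re.test(path)))
        findings.push({ path, reason: "denied pattern" });
      if (size > policy.maxFileBytes)
        findings.push({ path, reason: "over size budget" });
    }
  }
  return findings;
}

// Constructed sample in the shape npm prints: an array of packages with `files`.
const SAMPLE = JSON.stringify([{
  name: "example-cli",
  version: "1.2.3",
  files: [
    { path: "package.json", size: 1200 },
    { path: "README.md", size: 3400 },
    { path: "dist/cli.js", size: 900000 },
    { path: "dist/cli.js.map", size: 58000000 },      // oversized debug artifact
    { path: "src/internal/agent.ts", size: 42000 },   // unbuilt source
  ],
}]);

for (const { path, reason } of auditPack(SAMPLE)) {
  console.log(`BLOCK ${path}: ${reason}`);
}
```

In CI, feed the real `npm pack --dry-run --json` output to `auditPack` and fail the release job when it returns any finding.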

Claude Code’s memory system is carefully engineered for reliability and efficiency. Instead of storing everything, it uses a structured, self-correcting approach: a small index tracks pointers, while actual knowledge is fetched only when needed. Memory updates follow strict rules to avoid polluting context, and a background process continuously merges, deduplicates, and prunes data. Memory is treated as a guide, not absolute truth, and verification against real data is required. Irrelevant or derivable details are never stored, keeping the system lean and accurate.

Based on everything explored in the source code, here's the full technical recipe behind Claude Code's memory architecture:

[shared by claude code]

Claude Code’s memory system is actually insanely well-designed. It isn't like “store everything” but constrained, structured and… pic.twitter.com/PlGRvuvkts

— himanshu (@himanshustwts) March 31, 2026

The leaked Claude Code shows how Anthropic keeps its AI focused during long interactions, avoiding confusion or errors. It uses a layered memory system where a small index tracks locations instead of storing full data, and the actual information is retrieved only when needed. Failed updates don’t affect the AI’s memory, keeping it accurate. Essentially, the model treats its memory as a guide, checking details against the real data before taking action, offering a clear example for others to create more dependable AI agents.

“The leak also pulls back the curtain on ‘KAIROS,’ the Ancient Greek concept of ‘at the right time,’ a feature flag mentioned over 150 times in the source. KAIROS represents a fundamental shift in user experience: an autonomous daemon mode,” states VentureBeat. “While current AI tools are largely reactive, KAIROS allows Claude Code to operate as an always-on background agent. It handles background sessions and employs a process called autoDream. In this mode, the agent performs ‘memory consolidation’ while the user is idle. The autoDream logic merges disparate observations, removes logical contradictions, and converts vague insights into absolute facts.”

The leak reveals Anthropic’s internal AI roadmap, including Capybara (Claude 4.6), Fennec (Opus 4.6), and the unreleased Numbat. Capybara v8 faces a 29–30% false claims rate versus 16.7% in v4. Features like “Undercover Mode” let Claude Code contribute to public repositories without revealing internal info.

The Claude Code leak not only compromises Anthropic’s IP but also exposes Anthropic’s internal architecture, giving attackers a roadmap to bypass security prompts.

Pierluigi Paganini

(SecurityAffairs – hacking, Claude Code)




Source: https://securityaffairs.com/190229/data-breach/anthropic-accidentally-leaks-claude-code.html