Claude's Source Code Got Leaked Across The Whole Internet

On March 31, 2026, Anthropic released version 2.1.88 of Claude Code, their AI-powered coding assistant (think of it like autocomplete for programmers, but it can write entire functions). The update included an internal file that wasn't supposed to be there — a source map that pointed to nearly 2,000 files containing over 512,000 lines of code (Source 28, Source 29). Within hours, developers copied the entire codebase to GitHub, a site where programmers share code. One post linking to the leak got 29 million views on X (Source 28).

The leaked code revealed three major things developers are already using:

1. The exact instructions Anthropic gives Claude Code. These system prompts tell the AI how to behave — like telling a chef the house rules for a kitchen. For example, Claude Code is explicitly told to "run tools in parallel whenever possible" and to "avoid unnecessary apologies" (Source 32).

2. Unreleased features still in testing. Users found references to a Tamagotchi-style pet that sits next to your code and reacts to what you're typing, plus a feature called "KAIROS" that would let Claude Code run continuously in the background like a personal assistant (Source 29).

3. The CLAUDE.md memory system. This is a file you can create in your project that Claude Code always reads first — like leaving sticky notes for the AI. It's where you tell it your coding conventions, which libraries to prefer, and what never to touch (Source 32).

Anthropic called it "human error" and said no customer data was exposed (Source 29). They issued copyright takedown requests to remove the code from GitHub, but not before it became the fastest-downloaded repository in GitHub's history (Source 28). This is the second leak in just over a year — an earlier version of Claude Code's source leaked in February 2025 (Source 28).

The uncomfortable truth is: Anthropic's security practices don't match their AI safety reputation. This company positions itself as the responsible AI lab — the one that refused Pentagon contracts over ethical concerns. Yet they've now leaked internal code twice in 13 months, and recently stored thousands of internal files on publicly accessible systems (Source 28). For a company whose entire brand is "we're the careful ones," this pattern is more damaging than the leak itself.

The irony is rich: Anthropic just released Claude Mythos, a model they claim is "too dangerous to release" because it's exceptionally good at finding security vulnerabilities in code (Sources 13, 16, 18). Meanwhile, they can't keep their own code secure. An AI analyst at Gartner told The Verge this "serves as a call for action for Anthropic to invest more in processes and tools for better operational maturity" (Source 29) — industry speak for "your internal security is embarrassingly sloppy."

For developers using Claude Code, this leak is actually useful. You can now see exactly how the tool decides when to run multiple tasks at once versus one at a time, how its memory system works, and what prompts make it more or less verbose. The CLAUDE.md file alone is a game-changer if you're working on a team — it's a persistent instruction manual that survives across sessions without re-explaining your project every time (Source 32). The downside: if you can see how it works, so can people looking to bypass its guardrails.