Anthropic Accidentally Leaks 512,000 Lines of Claude Code Source, Exposing Secret AI Architecture and Internal Model Flaws

Anthropic accidentally leaks 512,000 lines of Claude's proprietary TypeScript source code via an npm package, exposing secret AI architecture, unreleased model codenames, a hidden 'Undercover Mode,' and an internal model with a 29-30% false claims rate — while users who installed the package during a specific window face additional supply-chain attack risks and are urged to rotate API keys immediately.

• Anthropic accidentally exposes a 59.8 MB JavaScript source map file containing ~512,000 lines of Claude Code's TypeScript source in npm package version 2.1.88, revealing proprietary agentic memory architecture, unreleased internal model codenames, and a stealth 'Undercover Mode' for anonymous open-source contributions.
• The leaked code exposes Claude Code's three-layer 'Self-Healing Memory' system, an autonomous background daemon feature called KAIROS, and internal performance struggles with the 'Capybara' model variant showing a 29-30% false claims rate, giving competitors a direct blueprint for building rival agentic AI tools.
• Anthropic confirms the incident was caused by human error with no customer data exposed, but users who installed Claude Code via npm on March 31 between 00:21 and 03:29 UTC face additional risk from a separate supply-chain attack on the axios package and are urged to switch to the official native installer and rotate API keys immediately.