Published: 2026 Apr 1
Like i don't know what to say, could this be worth millions, i don't know. So i woke up or something like that in the morning, i didn't get any wind at first as i'm not an AI guy or was i free. So I was not having a clue for about 2 hours, but then i got the news from a server in Discord, i was surprised to say the least, as even if i was not an AI guy, i was still knowledgeable about Claude and it's popularity, and to see the source code literally online for free was just otherworldly, but at the same time something like this already had a chance of happening as it had happened before, yeah with claude itself in 2025 February on Claude's launch day or something(reference from Dave Shoemaker) but when compared to this, that was nothing, because here almost everything of the orchestration logic of Claude 4.6 was leaked.
And when i dug deeper, the whole thing looked stupid, it was that the map file for the version 2.1.88 had all the source code needed for every file within a sourcesContent array, and with this anybody could just run a simple script to map all the files and all the 512000 lines of Anthropic's original code in TypeScript. And all this happened just with the npm package for the 2.1.88 which had accidentally included these source files. So all of this was just behind a command like npm publish --access public and such a simple error(or a 'human error' as quoted by Anthropic) could cause this mayhem(only for the company as i'm happy with this data harvester getting hit hard).
So the reception and response to this breach was your usual stuff, Anthropic was hit hella hard by the media amd everyone concerned. The leak was first found by a developer/security researcher by the name of Chaofan Shou who at approximately 4:23 AM (ET) on 31 March found this leak and posted about itbon X(@Fried_rice), and he provided a direct download link to the original expoaed source code in TypeScript hosted on Anthropic's Cloudflare R2 bucket (which by this time would be have been taken down), but then soon, a prominent Korean researcher who goes in the interconnected network by the name of Sigrid Jin published a Python-ised version of the source code under a new name of 'Claw-Code' on GitHub and boy, that repo bece the fastest growing GitHub repo of all time and by now mostly be having more than 160000 stars on GitHub.
But you guys be careful as some guys(idbzoomh1) has published repos with names like 'Leaked Claude Code' which was actually a lure attack containing Vidar. So i suggest you guys to download the Claw-Code instead of anything which looks suspicious on GitHub amd says stupid stuff like it offers 'enterprise features'.
The code was immediately analysed by devs, and the result was both expected and surprising, people found a some new features which was in beta or was unreleased like a feature called Buddy which was tamagotchi style companion, and a continuously used term in the code called KAIROS which was likely an always-on agent mentioned in the code nearly 150 times, according to the code it acts proactively in the background, responding to GitHub webhooks or Slack messages. It also had some questionable features like the telemetry and 'kill switch', which showed that the CLI tool polls an Anthropic settings endpoint every hour. This allows the company to remotely toggle feature "kill-switches" and push policy changes to your local running instance without your direct interaction. But it was expected as for an AI company which would do anything to harvest your data. The code also had some info on some upcoming models(names like Capybara and Fennec).
When i audited the code when i was free, it was not a magic box that everyone said it was but more like a really normal source code for a pretty powerful agent. So i was not necessarily surprised by the features but was surely surprised on the scale of the breach and how much have gone public domain.
And in the middle of this breach some people had used it as a pretty vile opportunity to do some cyber mischief as a bunch of fake repos have popped up in GitHub offering the 'leaked code' which will instead infect your device with something like Vidar and a pretty large scale npm poisoning attack happened in which the users who have downloaded the update(2.1.88) on 31 between 00:21 and 03:29 UTC might have had a chance of inadvertently pulling a Remote Access Trojan(RAT) ware. But cmon, why all this on March 31st, it would've been perfect if it was the April 1st.