Last updated 2 weeks ago
Anthropic, a technology company specializing in AI development, experienced a source code exposure incident on March 31, 2026, when the Claude Code tool source code was accidentally made publicly accessible. Security researcher Chaofan Shou detected the leak and reported it via social media, bringing widespread attention to the exposure. The incident did not involve traditional data records but exposed proprietary intellectual property and development assets.
The breach originated from a misconfiguration that allowed unauthorized access to Claude Code's source code repository. Attackers quickly weaponized the exposed files, creating malware-laden versions of the software disguised as 'unlocked' tools to target developers. The attack chain involved social engineering through software distribution channels rather than direct exploitation of Anthropic's infrastructure, with threat actors leveraging the leaked code as bait for malware distribution campaigns.
Anthropic has not disclosed specific containment measures or remediation milestones following the incident. The company faces potential intellectual property risks and reputational damage from the source code exposure, though no traditional data breach notifications were required since no customer or user data was compromised in the initial leak.
Accidental exposure of source code online
This incident demonstrates that source code repositories require the same rigorous access controls and monitoring as production systems containing sensitive data. Technology companies developing proprietary AI tools must implement automated scanning for exposed intellectual property across public repositories and version control systems. The rapid weaponization of leaked code highlights the need for real-time threat intelligence monitoring of underground forums and software distribution channels following any intellectual property exposure.
Sign in to join the discussion.
Company
Industry
Location
Discovered
Disclosed
Records Affected
Attack Vector