Claude Code’s 512,000-Line Leak Rattles Anthropic’s $350 Billion IPO Ambitions
Anthropic has suffered a major security breach after accidentally publishing 512,000 lines of proprietary source code for Claude Code, its flagship AI coding tool, through a debug file bundled into a routine npm update on March 31. The leak exposes the full architecture of a product that generates an estimated $2.5 billion in annualized recurring revenue.
Security researcher Chaofan Shou first spotted the exposed source map file in Claude Code version 2.1.88 and posted a download link on X. Within hours, the codebase spread across GitHub, accumulating tens of thousands of forks before Anthropic issued DMCA takedown notices.
Claude code source code has been leaked via a map file in their npm registry!
— Chaofan Shou (@Fried_rice) March 31, 2026
Code: https://t.co/jBiMoOzt8G pic.twitter.com/rYo5hbvEj8
The incident lands just five days after a separate CMS misconfiguration exposed roughly 3,000 internal files, including details on Anthropic’s unreleased “Mythos” model. Two accidental disclosures in one week raise serious operational questions for a company valued at $350 billion and reportedly considering an IPO in the fourth quarter of 2026.
Once the code hit the internet, it became permanent. Korean-Canadian developer Sigrid Jin, profiled by the Wall Street Journal for consuming 25 billion Claude Code tokens last year, completed a clean-room Python rewrite of the leaked code before sunrise. His repository, claw-code, amassed 50,000 GitHub stars within two hours of publication.
The leaked files revealed an internal feature called “Undercover Mode”—built specifically to prevent Claude from leaking Anthropic’s own secrets. The irony of a secret-keeping feature being exposed in a leak was not lost on observers. The code also exposed 44 feature flags, an unreleased background daemon named KAIROS, and internal model codenames including “Capybara” for a Claude 4.6 variant.
Anthropic confirmed the leak to multiple outlets, characterizing it as a packaging error caused by human error. But for enterprise clients—who account for an estimated 80% of Claude Code’s revenue—the damage may be lasting. The tool’s security logic, permission bypass techniques, and internal architecture are now available on the open internet.
Security experts note that the timing could hardly be worse. Anthropic has been positioning itself as the enterprise-grade alternative to OpenAI, emphasizing safety and security as core differentiators. A leak of this magnitude—coming on the heels of another incident days earlier—undermines that narrative at a critical moment.
Competitors have already begun analyzing the leaked code. Open-source developers are forking and repurposing components. The clean-room rewrite by Jin demonstrates that even without the original codebase, the architectural insights alone are enough to reconstruct significant portions of the tool.
For a company preparing for a public offering, the incident introduces uncomfortable questions about internal controls, security posture, and the reliability of its flagship products. Whether investors will view the leak as a one-time mistake or a symptom of deeper operational issues remains to be seen.
Anthropic has not announced any changes to its IPO timeline. But the combination of two security lapses in five days, the permanent exposure of proprietary code, and the swift replication by the open-source community may force a reassessment of how the company manages its most valuable intellectual property.