ANTHROPIC accidentally leaked the source code of its Claude Code tool after a large debug file was included in a public npm release, exposing over 500,000 lines of code that were quickly shared online. The company said no sensitive customer data or credentials were involved or exposed, and described the incident as a release packaging issue caused by human error rather than a security breach, with measures being rolled out to prevent recurrence according to VentureBeat.
The leak also revealed Claude Code’s memory architecture, which uses a structured, self‑correcting approach with a small index that tracks pointers while actual knowledge is fetched only when needed. It shows a layered memory system where updates that fail do not affect memory, keeping the model accurate and treating memory as a guide rather than a source of absolute truth.
The exposed code includes references to internal roadmap elements such as Capybara, Fennec, and Numbat, and notes features like an autonomous daemon mode called KAIROS. The article, published by Pierluigi Paganini on 31 March 2026, emphasises that the incident highlights internal architecture details that could inform potential attackers, while still asserting no data breach occurred.