Anthropic’s Week of Leaks: Source Code, a Secret Model, and a War with the Pentagon

Every technology company is vulnerable to security failures. What separates those that weather them from those that don’t is how they respond. Anthropic had one week to find out exactly where it stands.

In less than seven days, the company behind Claude accumulated three separate incidents that, individually, would each be a headline. Together, they paint an unusual portrait of an organization growing faster than its own internal controls can handle.

The Source Code Leak

On Tuesday morning (March 31), security researchers identified that version 2.1.88 of Claude Code — Anthropic’s CLI tool available via npm — included a 57 MB .map file that had no business being there.

Map files are generated during the build process for debugging purposes. When bundled into a public package, they allow anyone to reconstruct the original source code from the compiled output — which is exactly what happened.

Within hours, the technical community had extracted and published over 1,900 TypeScript files, totaling roughly 512,000 lines of code. The repository was forked more than 41,000 times on GitHub before any official response.

Anthropic confirmed the incident, attributing it to human error in the release packaging process, and stated that no customer data or credentials had been exposed.

What the code revealed, however, went well beyond the product’s internal architecture:

  • Project “Capybara”: An unannounced model family with three variants — capybara, capybara-fast, and capybara-fast[1m] — none of which had been publicly disclosed.
  • Project “Kairos”: An experimental persistent memory feature. It utilizes a background subagent (daemon) with a 15-second “heartbeat” to monitor PRs and files, consolidating daily user logs via a nightly “DREAM” mode to improve long-term context.
  • “Buddy”: A terminal pet system featuring 18 species—including axolotls, ducks, and dragons—with rarity tiers and “shiny” variants. Stats like DEBUGGING, CHAOS, SNARK, and WISDOM transform the CLI into a Tamagotchi-style retention engine. It signals a move to gamify the developer’s daily workflow; a recognition that in 2026, personality and engagement outweigh sterile tools.
  • Frustration telemetry: The system tracks behavioral signals such as how often users swear and how frequently they type “continue” — both used as proxies for model frustration.

Mythos: The Model That Leaked First

This was not the week’s first incident. Days earlier, Fortune reported that Anthropic had left a content management system data cache publicly accessible — including unpublished draft blog posts.

Among the exposed documents was a description of a new model called Claude Mythos, also referenced internally as “Capybara.” The draft, recovered by security researchers at LayerX Security and the University of Cambridge, described the model as the most capable Anthropic had ever built, with meaningful advances in reasoning, coding, and cybersecurity.

Anthropic confirmed the model exists and is currently being tested with early-access customers, describing it as a step change in performance relative to previous models. The company attributed the exposure to a misconfigured CMS, where uploaded assets were public by default unless explicitly marked private.

In total, approximately 3,000 files — including images, PDFs, and unpublished blog pages — were accessible without authentication before the company locked them down after being notified.

Running parallel to all of this, Anthropic won a significant legal ruling on March 26.

In February, Defense Secretary Pete Hegseth had designated the company a supply chain risk — a label historically reserved for foreign adversaries like Huawei. The move, accompanied by a Truth Social post from President Trump ordering federal agencies to immediately cease using Anthropic’s products, posed a direct threat to hundreds of millions of dollars in existing contracts.

Anthropic sued. Federal judge Rita Lin granted a preliminary injunction blocking the measures, in a 43-page ruling that characterized the government’s actions as unconstitutional First Amendment retaliation.

The origin of the dispute: Anthropic refused to grant the Pentagon unrestricted access to Claude for “all lawful purposes,” including use in autonomous weapons and domestic mass surveillance. The government wanted complete operational freedom; the company held two firm red lines. The $200 million contract signed in July 2025 was not renewed.

What Remains

Three separate crises. One week. The source code exposure is recoverable — the immediate damage is reputational and competitive, not operational. The Mythos leak forced the announcement of a product launch Anthropic wanted to control. The legal victory, however, is concrete: it preserves existing contracts, upholds the company’s stated principles, and sets a meaningful precedent about the limits of government pressure on private technology firms.

Anthropic is growing fast. Its internal processes, evidently, are still catching up.

Sources

Source Code Leak: Fortune | Tech Startups | Let’s Data Science

Claude Mythos / CMS Leak: Fortune – Mythos | Fortune – CMS

Pentagon Legal Battle: CNBC | CNN Business