Anthropic has experienced a second major security incident in less than a week, this time leaking approximately 500,000 lines of source code for its popular Claude Code tool across roughly 1,900 files. The incident follows an earlier accidental exposure of nearly 3,000 internal files, including a draft blog post describing a powerful upcoming model known internally as "Mythos" or "Capybara." While Anthropic confirmed that no customer data or credentials were exposed, security experts warn the leak could allow competitors to reverse-engineer how Claude Code works and potentially understand the company's internal architecture .

What Exactly Was Leaked in the Claude Code Incident?

The leaked source code specifically exposed the "agentic harness" that powers Claude Code, which is the software layer sitting around Anthropic's underlying language model. This harness is responsible for instructing Claude Code how to use other software tools and provides the guardrails that govern its behavior. Unlike the model weights themselves, which were not exposed, the harness code reveals critical details about how Claude Code functions behind the scenes .

According to Anthropic, the leak resulted from a "release packaging issue caused by human error." The company uploaded all of Claude Code's original source code to NPM, a platform developers use to share and update software, instead of uploading only the finished, compiled version that computers actually run. A cybersecurity professional reviewing the incident suggested this mistake likely occurred when someone took a shortcut that bypassed normal release safeguards .

How Could This Leak Impact Anthropic's Competitive Position?

The exposure of Claude Code's source code presents several risks to Anthropic's market position. Competitors with technical expertise could now reverse-engineer how the agentic harness works and use that knowledge to improve their own products. Additionally, some developers may seek to create open-source versions of Claude Code's harness based on the leaked code, potentially fragmenting Anthropic's control over this popular tool .

Roy Paz, a senior AI security researcher at LayerX Security, raised additional concerns about the broader implications. He noted that the leaked code could reveal non-public details about how Anthropic's systems work, such as internal APIs and processes. This information could help sophisticated actors better understand the architecture of Anthropic's models and how they are deployed, potentially informing attempts to work around existing safeguards .

"Usually, large companies have strict processes and multiple checks before code reaches production, like a vault requiring several keys to open. At Anthropic, it seems that the process wasn't in place and a single misconfiguration or misclick suddenly exposed the full source code," said Roy Paz.

Roy Paz, Senior AI Security Researcher at LayerX Security

What Do We Know About Anthropic's Upcoming Capybara Model?

The leaked code provided additional evidence about Anthropic's next-generation model, internally called Capybara or Mythos, which the company is actively preparing to launch. According to security researchers analyzing the leaked materials, Capybara appears to represent a new tier of model that would be even larger and more capable than Anthropic's current flagship Claude Opus model, though also more expensive .

Currently, Anthropic markets its Claude models in three size tiers. Claude Opus represents the largest and most capable versions; Claude Sonnet offers a middle ground with faster performance and lower cost but reduced capability; and Claude Haiku is the smallest, cheapest, and fastest option. Capybara would introduce a fourth tier above Opus, potentially with a larger context window, which refers to how much text the model can process at once .

Steps to Understand Anthropic's Model Lineup and Security Implications

• Current Model Tiers: Anthropic offers Claude Opus for maximum capability, Claude Sonnet for balanced performance and cost, and Claude Haiku for speed and affordability, with Capybara potentially adding a premium tier above Opus.
• Cybersecurity Risk Profile: Claude Opus is already classified by Anthropic as a dangerous model regarding cybersecurity risks, as it can autonomously identify zero-day vulnerabilities in software, capabilities that could be weaponized by hackers or nation-states.
• Agentic Harness Function: The leaked code exposed how Claude Code's agentic harness instructs the underlying AI model to use other software tools and enforces behavioral guardrails, which is distinct from the model weights themselves.
• Competitive Reverse-Engineering Risk: Competitors can now analyze the leaked source code to understand Claude Code's architecture and potentially create competing or open-source versions based on the exposed implementation details.

Is This Anthropic's First Security Incident?

No. This is the second time in recent months that Anthropic has inadvertently leaked details about Claude Code. In February 2025, an early version of Claude Code accidentally exposed its original code in a similar breach, revealing how the tool worked behind the scenes and how it connected to Anthropic's internal systems. Anthropic subsequently removed the software and took the public code down at that time .

The pattern of repeated leaks raises questions about Anthropic's internal release processes and quality control measures. The company stated it is "rolling out measures to prevent this from happening again," but the recurrence suggests that previous remediation efforts may not have been comprehensive enough .

Claude Code has become perhaps Anthropic's most popular product, with soaring adoption rates among large enterprises. The tool's popularity makes these security incidents particularly significant, as the exposed code could affect thousands of organizations relying on the platform. The combination of two major leaks within days underscores the challenges even well-resourced AI companies face in managing complex software release processes and protecting proprietary technology .