Critical Vulnerability Found in Claude Code Days After Source Code Leak

The security news nobody wanted to see: just days after Anthropic accidentally leaked 500,000 lines of Claude Code's source code, security researchers have already identified critical vulnerabilities.

The leak occurred on March 30-31, 2026, when version 2.1.88 of the @anthropic-ai/claude-code npm package was inadvertently published with an intact debug source map (.map) file. This exposed nearly 2,000 files and the entire internal TypeScript architecture. Anthropic described it as a "packaging issue caused by human error" and assured that no customer data was compromised.

But the code was out. And it didn't take long.

Within days, security researchers identified shell injection bugs that could allow remote code execution (RCE) and API key exfiltration. The leak also revealed an internal "Undercover Mode" where Claude Code is designed to avoid disclosing internal codenames or acknowledging its AI nature in public open-source projects.

The incident has drawn attention from U.S. lawmakers who have raised national security concerns. The code spread rapidly across GitHub forks, and Anthropic has issued over 8,000 copyright takedown requests to limit the spread.

For CIOs and technology leaders, the message is clear: teams using Claude Code should consider restricting access to sensitive systems until Anthropic issues a comprehensive security update. Rotate API keys and enable logging of Claude Code activity as immediate mitigation steps.