Penta Security Inc. > Blog > Anthropic Claude Code’s Source Code Leaked by Accident

Anthropic Claude Code’s Source Code Leaked by Accident

2026-04-01 Blog
Claude Code data leak source code

Anthropic Claude Code’s Source Code Leaked by Accident

Anthropic accidentally leaked the complete source code for its “Claude Code” CLI tool on March 31, 2026. The exposure occurred when an unobfuscated TypeScript source map was bundled into a public npm package (v2.1.88). In other words, the leak was due to a build pipeline misconfiguration. The 512,000-line codebase revealed internal model codenames such as “Capybara.”  Claude Code leak exposed nearly 3,000 unpublished assets, including details of a next-generation model called “Claude Mythos.” According to Claude Code’s leak, the new model features autonomous reasoning and “recursive self-fixing” capabilities. Anthropic attributed Claude Code leak to human error rather than a targeted breach.

Source: The Register

 

Italy Bank, Intesa Sanpaolo, Data Breach Impacts 3,500

Italy’s data protection authority has fined bank Intesa Sanpaolo €31.8 million following a prolonged internal data breach. An investigation revealed that an employee unauthorizedly accessed the sensitive banking information of over 3,500 customers, including high-profile public figures, over a two-year period. Regulators cited serious GDPR violations, noting that the bank’s monitoring systems failed to detect thousands of anomalous queries. The bank has since dismissed the employee and implemented stricter access controls and enhanced real-time alert systems.

Source: The Cyber Express

 

Quantum Threat Timeline is Shirinking

Google has issued a stark warning that “Q-Day” could arrive as early as 2029. This accelerated timeline challenges earlier estimates from the NSA and NCSC, which targeted the early 2030s. To mitigate harvest-now-decrypt-later threats, Google is integrating NIST-standardized post-quantum cryptography (PQC) into Android 17. Experts suggest this move forces the tech industry to treat quantum migration as an immediate operational priority rather than a distant compliance goal.

Source: Infosecurity Magazine

 

European Commission Data Breach From AWS Cloud Hack

The European Commission is investigating a significant cyberattack on its Amazon Web Services (AWS) infrastructure hosting the Europa.eu platform. Detected on March 24, 2026, the breach allegedly allowed a threat actor to exfiltrate over 350GB of data, including multiple databases and employee records. While the Commission confirmed data was taken, it stated that internal systems remained unaffected. The attacker provided proof of access to BleepingComputer and claims they will leak the data publicly rather than seek a ransom.

Source: Bleeping Computer

 

Hightower Holding Data Breach Impacts 130,000

Wealth management firm Hightower Holding LLC has disclosed a data breach that impacted 131,483 individuals. The incident involved two separate periods of unauthorized access in January 2026, where cybercriminals used compromised user accounts to infiltrate the network and download sensitive files. Compromised data includes full names, Social Security numbers, and driver’s license numbers. Although the breach occurred in early January, notifications were not sent until March 23, prompting several law firms to launch investigations into potential legal claims.

Source: Security Week

 

Click here to subscribe our Newsletter

Tags: