{"id":7657,"date":"2026-04-01T02:15:55","date_gmt":"2026-04-01T02:15:55","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=7657"},"modified":"2026-04-01T02:15:55","modified_gmt":"2026-04-01T02:15:55","slug":"anthropic-employee-error-exposes-claude-code-source","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=7657","title":{"rendered":"Anthropic employee error exposes Claude Code source"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>An Anthropic employee accidentally exposed the entire proprietary source code for its AI programming tool, Claude Code, by including a source map file in a version of the tool posted on Anthropic\u2019s open npm registry account, a risky mistake, says an AI expert.<\/p>\n<p>\u201cA compromised source map is a security risk,\u201d said US-based cybersecurity and AI expert <a href=\"https:\/\/josephsteinberg.com\/cybersecurityexpertjosephsteinberg\/\" target=\"_blank\" rel=\"noopener\">Joseph Steinberg<\/a>. \u201cA hacker can use a source map to reconstruct the original source code and [see] how it works. Any secrets within that code \u2013 if someone coded in an API key, for example \u2013 is at risk, as is all of the logic. And any vulnerabilities found in the logic could become clear to the hacker who can then exploit the vulnerabilities.\u201d<\/p>\n<p>However, Anthropic spokesperson told <em>CSO<\/em>, \u201cno sensitive customer data or credentials were involved or exposed. This was a release packaging issue caused by human error, not a security breach. 
We\u2019re rolling out measures to prevent this from happening again.\u201d<\/p>\n<p>But it wasn\u2019t the first time this had happened; <a href=\"https:\/\/fortune.com\/2026\/03\/31\/anthropic-source-code-claude-code-data-leak-second-security-lapse-days-after-accidentally-revealing-mythos\/\" target=\"_blank\" rel=\"noopener\">according to Fortune<\/a> and other news sources, the same thing happened last month.<\/p>\n<h2 class=\"wp-block-heading\">Don\u2019t expose .map files<\/h2>\n<p>Map files shouldn\u2019t be left in the final version of code published on open source registries, where anyone can download a package; they can be sources of useful information for hackers.<\/p>\n<p>According to developer Kuber Mehta, <a href=\"https:\/\/kuber.studio\/blog\/AI\/Claude-Code's-Entire-Source-Code-Got-Leaked-via-a-Sourcemap-in-npm,-Let's-Talk-About-it\" target=\"_blank\" rel=\"noopener\">who published a blog on the latest incident<\/a>, when someone publishes a JavaScript\/TypeScript package to npm, the build toolchain often generates\u00a0source map files\u00a0(.map\u00a0files). These files are a bridge between the minified\/bundled production code and the original source; they exist so that when something crashes in production, the stack trace can point to the\u00a0<em>actual<\/em>\u00a0line of code in the\u00a0<em>original<\/em>\u00a0file, not to some unintelligible reference.<\/p>\n<p>What\u2019s available in these files? \u201cEvery file. Every comment. Every internal constant. Every system prompt. All of it, sitting right there in a JSON file that npm happily serves to anyone who runs\u00a0npm pack\u00a0or even just browses the package contents,\u201d said Mehta.<\/p>\n<p>\u201cThe mistake is almost always the same: someone forgets to add\u00a0*.map\u00a0to their\u00a0<em>.npmignore<\/em>\u00a0or doesn\u2019t configure their bundler to skip source map generation for production builds,\u201d Mehta said. 
\u201cWith Bun\u2019s bundler (which Claude Code uses), source maps are generated by default unless you explicitly turn them off.\u201d<\/p>\n<p>Think of a source map as a file that shows what parts of minified computer code, which is not easily understandable to humans, are doing, shown in the human-readable source code, said Steinberg. For example, he said, it may indicate that the code in a specific portion of the executable code is performing the instructions that appear in some specific snippet of source code.<\/p>\n<p>A source map can help with debugging, he added. Without it, he said, many errors would be identified as coming from a larger portion of code, rather than showing exactly where the errors occur.<\/p>\n<p>The world learned of this incident when security researcher Chaofan Shou <a href=\"https:\/\/x.com\/Fried_rice\/status\/2038894956459290963?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener\">posted this message early Tuesday on X<\/a>: \u201cClaude code source code has been leaked via a map file in their npm registry!\u201d, along with a link to the file.<\/p>\n<h2 class=\"wp-block-heading\">A common error<\/h2>\n<p>Leaving source map files in a package \u201cis an incredibly common mistake developers make quite often,\u201d said secure coding trainer <a href=\"https:\/\/shehackspurple.ca\/\" target=\"_blank\" rel=\"noopener\">Tanya Janca<\/a>. \u201cIn this specific situation, it is more serious than it would be somewhere else, mostly because of the incredibly high value of the intellectual property involved, and because now malicious actors can analyze the source code directly for vulnerabilities instead of having to reverse engineer it, which adds time, cost, and complexity.\u201d<\/p>\n<p>Ideally, Janca said, developers should harden their build environment, so they don\u2019t ship debug information\/features with production. 
She offered these tips to developers:<\/p>\n<ul class=\"wp-block-list\">\n<li>disable source maps in the build\/bundler tool;<\/li>\n<li>add the .map files to the <em>.npmignore<\/em> file or the <em>package.json<\/em> <em>files<\/em> field to explicitly exclude them, even if they were generated during the build by accident;<\/li>\n<li>exclude the .map files from the list of published artifacts in the continuous integration\/continuous deployment environment;<\/li>\n<li>carefully separate debug builds from production builds if there are differences; even the comments could be incredibly sensitive.<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\">A critical layer<\/h2>\n<p>Any exposure of source code or system-level logic is significant, because it shows how controls are implemented, commented <a href=\"https:\/\/arcticwolf.com\/resources\/author\/dan-schiappa\/\" target=\"_blank\" rel=\"noopener\">Dan Schiappa<\/a>, president of technology and services at Arctic Wolf. With this information exposed, the number of people who now understand how the model enforces behavior, manages access, and handles edge cases increases, he said.<\/p>\n<p>\u201cIn AI systems, that layer is especially critical,\u201d he added. \u201cThe orchestration, prompts, and workflows effectively define how the system operates. If those are exposed, it can make it easier to identify weaknesses or manipulate outcomes. 
Knowing that attackers are still discovering the most optimal ways to leverage AI means that in any instance where a tool could be compromised, there are likely cybercriminals waiting in the wings.\u201d<\/p>\n<p><em>This article originally appeared on <a href=\"https:\/\/www.infoworld.com\/article\/4152856\/anthropic-employee-error-exposes-claude-code-source.html\" target=\"_blank\" rel=\"noopener\">InfoWorld<\/a>.<\/em><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>An Anthropic employee accidentally exposed the entire proprietary source code for its AI programming tool, Claude Code, by including a source map file in a version of the tool posted on Anthropic\u2019s open npm registry account, a risky mistake, says an AI expert. \u201cA compromised source map is a security risk,\u201d said US-based cybersecurity and [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":7658,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-7657","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/7657"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7657"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/7657\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/7658"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2F
wp%2Fv2%2Fmedia&parent=7657"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7657"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7657"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}