Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Claude Code Faces Security Flaw After Source Leak

Claude Code Faces Security Flaw After Source Leak

Posted on April 2, 2026 By CWS

Claude Code, an advanced AI tool from Anthropic, has found itself under scrutiny due to a significant security issue that emerged shortly after its source code was leaked. This incident has raised concerns about the potential risks and vulnerabilities inherent in the AI system.

Details of the Claude Code Leak

On March 31, 2026, a debugging JavaScript sourcemap for Claude Code version 2.1.88 was accidentally released on npm by Anthropic. This oversight was quickly identified by researcher Chaofan Shou, who shared the discovery on social media, prompting a widespread examination of the de-obfuscated code.

Efforts to reconstruct the code were led by Sigrid Jin, a student at the University of British Columbia, alongside Yeachan Heo. Their efforts resulted in the recreation and dissemination of Claude Code’s source code, comprising 512,000 lines of TypeScript across 1,900 files. While this leak poses certain risks, it does not include sensitive elements such as model weights or customer data, according to Melissa Bischoping of Tanium.

Exploring the Security Vulnerability

Shortly after the source code leak, Adversa AI Red Team uncovered a critical vulnerability within Claude Code itself. This software, consisting of over 519,000 lines of TypeScript, allows developers to manage various tasks from the command line. It features a permissions system designed to regulate command executions through allow, deny, and ask rules.

However, the permission system can be bypassed, potentially allowing unauthorized actions. The vulnerability arises from Anthropic’s performance optimization, which introduced a cap of 50 subcommands to prevent UI freezing. Commands exceeding this limit default to an ‘ask’ prompt, inadvertently allowing malicious instructions to bypass security checks.

Implications and Future Outlook

This vulnerability presents a significant risk, as attackers could exploit it to embed harmful commands within a project’s file, potentially leading to credential theft and supply chain compromises. Despite the presence of a safety layer in Claude’s language model, the flaw in the permission system remains a critical concern.

Adversa AI warns that a sophisticated attacker could leverage this vulnerability to execute malicious payloads, bypassing security measures and posing a threat to cloud infrastructure and CI/CD pipelines. As the situation unfolds, stakeholders will need to address these vulnerabilities to safeguard against potential exploitation.

The discovery of this flaw underscores the importance of rigorous security practices in software development, particularly in AI-driven applications. As the tech community responds to this challenge, ongoing vigilance and improvements in security protocols will be crucial to prevent future breaches.

Security Week News Tags:Adversa AI, AI agent, AI vulnerability, Anthropic, Claude Code, code leak, command line interface, Cybersecurity, data protection, security flaw, software development, Software Security, source leak, TypeScript, vulnerability discovery

Post navigation

Previous Post: Fake CERT-UA Website Distributes Go-Based Malware
Next Post: Ransomware Campaign Mimics Akira in South America

Related Posts

Signal Adds Screenshot-Blocker to Thwart ‘Windows Recall’  Signal Adds Screenshot-Blocker to Thwart ‘Windows Recall’  Security Week News
Apple Seeks Researchers for 2026 iPhone Security Program Apple Seeks Researchers for 2026 iPhone Security Program Security Week News
Opti Raises  Million for Identity Security Platform Opti Raises $20 Million for Identity Security Platform Security Week News
6G Network Security Principles Unveiled by Global Coalition 6G Network Security Principles Unveiled by Global Coalition Security Week News
Security Flaw in Microsoft Android Apps Exposes Billions Security Flaw in Microsoft Android Apps Exposes Billions Security Week News
Clover Security Raises  Million to Secure Software by Design Clover Security Raises $36 Million to Secure Software by Design Security Week News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Top Post-Quantum Cryptographic Solutions for 2026
  • Armored Likho’s BusySnake Threatens Government and Energy Sectors
  • Scammers Exploit Brand Trust to Lure Casino Traffic
  • FBI Alerts on TeamPCP’s Widespread Developer Tool Attacks
  • AI Code Editor Vulnerabilities Risk OS-Level Attacks

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Top Post-Quantum Cryptographic Solutions for 2026
  • Armored Likho’s BusySnake Threatens Government and Energy Sectors
  • Scammers Exploit Brand Trust to Lure Casino Traffic
  • FBI Alerts on TeamPCP’s Widespread Developer Tool Attacks
  • AI Code Editor Vulnerabilities Risk OS-Level Attacks

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark