The Anthropic Security Crisis: A Masterclass in Negligent Insider Risk

If you had “Major AI Lab accidentally open-sources its proprietary crown jewels” on your 2026 bingo card, congratulations. You’re having a very good, albeit chaotic, week.

For everyone else, the last few days have been a blur of leaked source code, secret model specs, and a sudden, frosty relationship between one of the world’s most valuable AI startups and the U.S. Department of Defense. At the center of it all is Anthropic, a company that literally built its entire brand on the concept of AI Safety.

The irony is thick enough to cut with a knife. As it turns out, the greatest threat to a company building superhuman intelligence isn’t necessarily a rogue AGI or a sophisticated state-sponsored hack; it’s a developer forgetting to check a config file before hitting “publish.”

The NPM Oversight That Shook the Dev World

On March 31, 2026, a security researcher named Chaofan Shou noticed something odd about the latest update to Claude Code (v2.1.88), Anthropic’s flagship command-line tool. It wasn’t just a routine patch; the package included a 60MB file called cli.js.map (The Decoder).

For the non-coders: a source map is like a Rosetta Stone. It translates the minified, unreadable production bundle back into the original, human-readable TypeScript that engineers actually write, and when the map embeds the original sources, nothing else is needed to recover them. Because this file was left in the public npm registry, anyone who downloaded the package could reconstruct Anthropic’s proprietary logic. Within hours, over 512,000 lines of code were mirrored across GitHub (LiveMint).

This wasn’t a hack. It was a negligent insider event. A “human error” in the packaging process effectively handed the world a blueprint of how Claude interacts with file systems, manages permissions, and orchestrates its internal agents.

Mythos and the Capybara Tier

The timing couldn’t have been worse. Just days prior, on March 27, Anthropic suffered another internal oversight when draft blog posts and assets for an unreleased model, Claude Mythos, were accidentally left in a publicly accessible data cache (Financial Express).

The leak revealed that Mythos is a step-change model specifically optimized for cybersecurity, capable of identifying and exploiting vulnerabilities at a level that sent traditional cybersecurity stocks like CrowdStrike into a $14.5 billion tailspin (AI Business). It also teased a new ultra-premium tier called “Capybara,” positioned even higher than the current Opus model.

From Partner to Supply Chain Risk

While Anthropic was dealing with these internal leaks, the political landscape shifted underneath them. In late February 2026, the Pentagon officially designated Anthropic as a “supply chain risk” (Mayer Brown).

This is the first time an American AI company has received such a label. The designation effectively bans military contractors from using Claude, citing concerns that the system could be subverted or surveilled by adversaries. While Anthropic has fired back with a federal lawsuit, the recent string of leaks makes the government’s risk argument look a lot more prophetic than it did a month ago.

The Anatomy of a Negligent Insider

In the world of corporate security, we often obsess over “Malicious Insiders,” the spies and saboteurs. But the Anthropic case shows that negligent insiders are often the more dangerous breed.

These are well-meaning employees who bypass security protocols to move faster. According to recent industry reports, negligence-driven incidents now account for over 53% of all insider risk losses, costing companies an average of $10.3 million per incident (Infosecurity Magazine).

The case for negligence here is grounded in the “Standard of Care.” When a company handles tools that can automate cyber-attacks or manage sensitive infrastructure, the threshold for what constitutes an “acceptable mistake” drops significantly. If a junior developer can accidentally leak the blueprints for a frontier AI model, the systemic controls, or lack thereof, are the real problem.

What’s Next?

Anthropic is currently playing a high-stakes game of Whack-A-Mole, trying to scrub GitHub mirrors of their source code while fighting the U.S. government in court.

For the rest of the industry, the lesson is clear: AI safety starts with boring security. You can have the most “aligned” AI in the world, but if your CI/CD pipeline allows a raw source map to hit a public repo, your safety guardrails are effectively non-existent.
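The two points above (a source map that embeds the original sources hands out the unminified code, and a pipeline should refuse to publish such a file) can be turned into a concrete pre-publish gate. The script below is an added example written for this post, not Anthropic’s tooling or anything taken from the leaked package: it walks a package directory, finds every `*.map` file, and flags the ones that carry `sourcesContent`, which is the field that makes full reconstruction possible. The sample package it builds (a `cli.js` bundle, its map, and a harmless vendor map) is constructed for the demonstration; the function names `audit_source_maps`, `should_block_publish` and `build_sample_package` are this example’s own.

```python
"""Pre-publish source-map audit (added example, not the project's own tooling).

A source map becomes a leak when it embeds the original sources via
"sourcesContent". This scanner reports every *.map in a package directory
and whether it embeds sources, so CI can fail the publish step.
"""
import json
import tempfile
from pathlib import Path


def audit_source_maps(package_dir):
    """Return one finding per *.map file under package_dir (sorted by path).

    Each finding records the relative path, size in bytes, how many original
    sources the map references, and whether it embeds their content.
    """
    root = Path(package_dir)
    findings = []
    for path in sorted(root.rglob("*.map")):
        try:
            data = json.loads(path.read_text(encoding="utf-8"))
        except (ValueError, UnicodeDecodeError):
            data = {}  # not a JSON source map; still worth listing
        if not isinstance(data, dict):
            data = {}
        sources = data.get("sources") or []
        contents = data.get("sourcesContent")
        # Only a list with at least one non-null entry actually embeds code.
        embeds = isinstance(contents, list) and any(c is not None for c in contents)
        findings.append({
            "path": path.relative_to(root).as_posix(),
            "size": path.stat().st_size,
            "sources": len(sources),
            "embeds_sources": bool(embeds),
        })
    return findings


def should_block_publish(findings):
    """Fail the gate if any map would let a downloader rebuild the sources."""
    return any(f["embeds_sources"] for f in findings)


def build_sample_package():
    """Build a constructed sample package in a temp dir (not real package data).

    cli.js.map embeds two TypeScript sources; vendor/lib.js.map references a
    source but embeds nothing, which is the benign case.
    """
    d = Path(tempfile.mkdtemp(prefix="srcmap-audit-"))
    (d / "cli.js").write_text(
        'console.log("constructed bundle");\n//# sourceMappingURL=cli.js.map\n'
    )
    leaky_map = {
        "version": 3,
        "file": "cli.js",
        "sources": ["src/cli.ts", "src/permissions.ts"],
        "sourcesContent": [
            "export function main(): void { /* constructed */ }",
            "export const allowWrite = (p: string) => false; // constructed",
        ],
        "names": [],
        "mappings": "AAAA",
    }
    (d / "cli.js.map").write_text(json.dumps(leaky_map))
    (d / "vendor").mkdir()
    benign_map = {"version": 3, "sources": ["lib.ts"], "mappings": "AAAA"}
    (d / "vendor" / "lib.js.map").write_text(json.dumps(benign_map))
    return str(d)


if __name__ == "__main__":
    pkg = build_sample_package()
    results = audit_source_maps(pkg)
    for f in results:
        flag = "EMBEDS SOURCES" if f["embeds_sources"] else "ok"
        print(f'{f["path"]:24} {f["size"]:6d} B  sources={f["sources"]}  {flag}')
    print("block publish:", should_block_publish(results))
```

In a real pipeline you would point `audit_source_maps` at the directory extracted from the tarball that `npm pack` produces, so the check sees exactly what would reach the registry, and fail the job when `should_block_publish` returns true. Keeping maps out of the artifact in the first place (the `files` allow-list in package.json or a `.npmignore` entry) is the fix; this scanner is the guardrail that catches the day someone forgets.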

David