Anthropic, the company that bills itself as the "responsible AI lab," suffered three consecutive security incidents between March 26 and April 1, 2026 — exposing a secret AI model, the complete source code of its main commercial product, and causing chaos on GitHub through a botched DMCA takedown. No user data was compromised, but the leaked intellectual property gives competitors a detailed blueprint of Anthropic's most profitable product at a critical moment: the company is preparing for an IPO estimated for October 2026, at a valuation of $380 billion.
Incident 1: A Misconfigured CMS Exposed the "Claude Mythos" Model
On March 26, 2026, Fortune journalist Beatrice Nolan discovered that the content management system (CMS) linked to Anthropic's blog allowed public access to approximately 3,000 unpublished materials — without authentication.
Among the exposed files was a draft article describing a completely unknown AI model: "Claude Mythos", internally codenamed "Capybara".
The internal document described Mythos as "the most powerful AI model we have ever built" — a "qualitative leap" over the previous generation, with dramatically superior performance in reasoning, coding, and — most alarmingly — cybersecurity. Anthropic internally warned that the model "foreshadows an imminent wave of models that can exploit vulnerabilities at a pace that far exceeds defenders' efforts" and poses "unprecedented cybersecurity risks."
Beyond the model details, the exposure included information about an exclusive retreat for European CEOs at an 18th-century manor in the UK (attended by Dario Amodei), internal images, PDFs, and even a document relating to an employee's parental leave.
The cause: the CMS set all uploaded materials as public by default, and the Anthropic team failed to restrict access to unpublished content — an elementary configuration error.
Security researchers Alexandre Pauwels (University of Cambridge) and Roy Paz (LayerX Security) independently confirmed the scope of the exposure. Anthropic secured the data after Fortune's notification and classified the incident as "human error in CMS configuration," emphasizing that the materials were "early drafts" that did not involve "core infrastructure, AI systems, customer data, or security architecture."
Financial market impact: on March 27, cybersecurity company stocks — CrowdStrike, Palo Alto Networks, Zscaler — fell more than 5%, and the Global X Cybersecurity ETF lost 4.5%, hitting its lowest level since November 2023. According to Axios, Anthropic began privately warning government officials that Mythos makes large-scale cyberattacks much more likely in 2026.
Incident 2: 512,000 Lines of Claude Code Source Code Accidentally Published on npm
Just five days later, on March 31, 2026, an even more serious leak occurred. Version 2.1.88 of Claude Code — Anthropic's AI programming assistant and its most profitable product, with annual revenue of $2.5 billion — was published to the npm registry with an accidentally included 59.8 MB source map file.
This debugging file pointed to a zip archive on the company's Cloudflare R2 cloud infrastructure, containing the complete source code: approximately 512,000 lines of TypeScript across ~1,906 files.
Researcher Chaofan Shou (@Fried_rice), an intern at Solayer Labs, discovered the error at 04:23 UTC and posted on X — the post accumulating over 28 million views. Within hours, the code was replicated on GitHub, with the repository reaching 84,000 stars and 82,000 forks.
What the Leaked Code Contained
The code did not contain the AI model weights, but rather the "agentic harness" — the entire software architecture controlling model behavior, tools, guardrails, and instructions. Among the most surprising findings:
- 44 hidden feature flags for unreleased capabilities, including a "persistent assistant" that operates in the background when the user is inactive
- A three-tier "self-healing memory" system, with a "dreaming" process for memory consolidation between sessions
- An anti-distillation mechanism (the
ANTI_DISTILLATION_CCflag) that injects false tool definitions to corrupt competitors' training data - An "Undercover Mode" with explicit instructions: "You are operating UNDERCOVER in a PUBLIC/OPEN-SOURCE repository. Do not reveal your identity" — Claude being instructed to hide the fact that it is AI when contributing to public projects
- A "Buddy"/Tamagotchi feature — a virtual pet that reacts to coding activity, planned for launch the week of April 1-7
- Confirmation of the Capybara model with "fast" and "slow" versions
Technical cause: a known bug in the Bun runtime (issue #28001, reported March 11, 2026) caused source maps to be included in production builds. Anthropic had acquired Bun during 2025, and the bug had been open for 20 days without resolution at the time of the leak. This was the second identical incident — a similar source map leak had occurred in February 2025.
Official Anthropic statement: "A Claude Code release included internal source code. No sensitive customer data or credentials were involved or exposed. This was a packaging issue caused by human error, not a security breach."
Incident 3: Botched DMCA Takedown Affected 8,100 Innocent GitHub Repositories
On April 1, 2026, attempting to control the damage, Anthropic issued DMCA requests to GitHub for the removal of leaked code. The execution was catastrophically imprecise: approximately 8,100 repositories were blocked, including legitimate forks of Anthropic's own public Claude Code repository, with no connection to the leaked code. Affected developers reacted angrily on social media.
Boris Cherny, head of Claude Code, acknowledged the error and withdrew most requests, limiting them to a single repository and 96 forks. The spokesperson explained: "The targeted repository was part of a fork network connected to our own public Claude Code repository, so the takedown affected more repositories than intended."
The incident amplified the perception of operational incompetence in an already disastrous week.
Competitive, Security, and Financial Consequences
The cumulative impact of the three incidents goes beyond mere embarrassment. Paul Smith, Anthropic's Chief Commercial Officer, attributed the problems to "process errors" related to the company's rapid release cycle.
Competitive: the source code leak gives OpenAI, Google, and xAI a detailed engineering blueprint for building a production-grade AI coding agent — eliminating the need to reverse-engineer capabilities that took years to develop. AI security firm Straiker warned that attackers can now study Claude Code's internal context pipeline and craft payloads designed to survive context compaction. Roy Paz from LayerX Security noted that while model weights were not exposed, architectural details and internal APIs can help sophisticated actors — including nation-states — to bypass safety mechanisms.
Immediate security: typosquatting attacks appeared on npm within hours, with a user publishing packages with names identical to the exposed internal dependencies.
IPO implications: TechCrunch noted acidly: "Leak your source code as a public company? You can be sure a shareholder lawsuit is coming."
The central irony — highlighted by almost every major publication — is that a company positioning itself as the "cautious AI lab" and warning about unprecedented cybersecurity risks suffered breaches caused by elementary configuration errors.
A Broader Context of Internal Turbulence
The black week did not emerge in a vacuum. In early March, a memo from CEO Dario Amodei was leaked to The Information, in which he called OpenAI's collaboration with the Pentagon "safety theater" and OpenAI's messaging "direct lies." Amodei subsequently apologized for the tone.
In February, Mrinank Sharma, head of the safety mechanisms research team, resigned publicly through an open letter on X (over 15 million views), describing "constant pressure to set aside what matters most." Several safety researchers left the company during the same period.
Conclusions
The three incidents from March 26 to April 1, 2026 mark the most serious series of information leaks in AI industry history. Although no user data was compromised and no AI model weights were exposed, the damage is substantial: critical intellectual property has reached competitors, the roadmap for unreleased features is now public, and Anthropic's reputation as a "responsible AI company" has suffered damage that will be difficult to repair — right on the eve of a possible stock market listing.
The fact that both technical leaks were caused by elementary configuration errors, rather than sophisticated attacks, raises legitimate questions about the maturity of the company's operational processes. It remains to be seen whether Anthropic will succeed in turning this crisis into a moment of internal reform, or whether the echoes will reverberate long-term in its $380 billion valuation and its relationships with investors, customers, and regulators.