product updateAnthropic

Claude Code source leak reveals Anthropic working on 'Proactive' mode and autonomous payments

TL;DR

Anthropic's Claude Code version 2.1.88 release accidentally included a source map exposing over 512,000 lines of code and 2,000 TypeScript files. Analysis of the leaked codebase by security researchers reveals evidence of a planned 'Proactive' mode that would execute coding tasks without explicit user prompts, plus potential crypto-based autonomous payment systems.

2 min read
0

Claude Code Source Leak Reveals Anthropic's Planned 'Proactive' Mode and Autonomous Payments

Anthropicaccidentally exposed the entire source code of Claude Code when it released version 2.1.88 on Tuesday, causing a significant operational misstep rather than a security breach.

The Leak: Scale and Scope

The company's release included a source map file that exposed 512,000 lines of code and 2,000 TypeScript files. Before Anthropic could remediate, the full codebase was uploaded to a public GitHub repository, where it was copied more than 50,000 times. The leak gave competitors and security researchers comprehensive visibility into Claude Code's architecture and planned features.

Anthropicconfirmed the incident in a statement to Bleepingcomputer: "A Claude Code release included some internal source code. No sensitive customer data or credentials were involved or exposed. This was a release packaging issue caused by human error, not a security breach. We're rolling out measures to prevent this from happening again."

Planned Features Exposed

Analysis of the leaked source code by researchers has revealed several in-development features:

Proactive Mode: According to Alex Finn, founder of AI startup Creator Buddy, the codebase contains a feature flag for a "Proactive" mode that would allow Claude Code to execute coding tasks autonomously without explicit user prompts. This represents a significant shift from Claude Code's current reactive model.

Crypto-based Autonomous Payments: Finn also claims evidence exists in the code for a cryptocurrency-based payment system that could enable Claude Code agents to make autonomous financial transactions without human authorization.

Virtual Companion: A Reddit post examined by The Verge indicates Anthropic may have experimented with a Tamagotchi-like virtual companion that "reacts to your coding," though this appears to have been developed as an April Fools concept.

Important Caveats

The presence of code for a feature does not guarantee shipping. Internal experiments, abandoned projects, and features in early prototyping stages often exist in codebases but never reach production. Anthropic has not confirmed which, if any, of these discovered features are planned for actual release.

What This Means

While the leak itself was a significant operational error, it provides rare insight into Anthropic's product roadmap. The existence of Proactive mode code suggests the company is exploring more autonomous AI capabilities in coding assistance—aligning with broader industry trends toward agentic AI. The crypto payment infrastructure is more speculative and could represent either genuine R&D or an abandoned experiment. Competitors now have detailed visibility into Claude Code's technical implementation, though Anthropic's claim that no credentials or customer data were exposed limits the security impact. The incident highlights the risks of complex release pipelines and the importance of source map exclusion from production builds.

Related Articles

model release

Claude Sonnet 5 launches on AWS Bedrock with Opus-level intelligence at Sonnet pricing

Anthropic has released Claude Sonnet 5 on Amazon Bedrock and Claude Platform on AWS. The model delivers what Anthropic describes as near-Opus intelligence while maintaining Sonnet-tier pricing, with promotional rates available through August 31, 2026.

product update

AWS to Release Anthropic's Claude Fable 5 on Bedrock with Cybersecurity Guardrails

Amazon Web Services announced it will make Anthropic's Claude Fable 5 models available on Bedrock starting tomorrow, featuring guardrails designed to prevent cybersecurity misuse. When guardrails are triggered, the system automatically falls back to Claude Opus 4.8.

product update

US lifts export restrictions on Anthropic's Mythos and Fable models after compliance agreement

The US government has removed export restrictions on Anthropic's Mythos and Fable models, ending a ban that forced the company to cut off public access on June 12. Anthropic will begin restoring access on July 1 after agreeing to proactively detect security risks and coordinate with the US government on protocols for current and future model releases.

changelog

US lifts export controls on Claude Fable 5, Anthropic to restore access July 1

Anthropic will restore access to Claude Fable 5 on July 1, 2026, after the US Department of Commerce lifted export controls that forced the company to disable the model on June 12. The controls were imposed after Amazon researchers allegedly demonstrated that specific prompts could elicit information useful for cyberattacks.

Comments

Loading...