A security researcher has uncovered that Anthropic accidentally made the source code for its popular tool, Claude Code, public. This has led hackers to start sharing the code on the developer platform GitHub, accompanied by warnings that some of these posts contain infostealer malware.

AI explained

What happened with the Claude Code leak and malware?

Anthropic accidentally made the source code for Claude Code public, leading hackers to share it on GitHub with some posts containing infostealer malware. The company has issued takedown notices to remove these copies and adaptations. This leak has raised security concerns due to the spread of malware targeting developers and users.

Summary: Claude Code's source code was leaked and shared on GitHub, sometimes with malware attached.
Why it matters: Malware linked to the leak can steal sensitive information, posing risks to developers and users.
Key point: Anthropic is actively removing leaked code copies, but the incident highlights the need for careful source verification and cybersecurity.

Illustration of Hackers Share Claude Code Leak Alongside Malware — AI-generated illustration

Claude Code Leak and Malware Threat

Anthropic has attempted to remove copies of the leak by issuing copyright takedown notices. According to the Wall Street Journal, the company initially tried to remove over 8,000 repositories on GitHub but has since reduced that number to 96 copies and adaptations. This effort aligns with how Anthropic has previously tried to clean up GitHub repositories related to Claude Code.

This is not the first time hackers have exploited interest in Claude Code. In March, 404 Media reported that Google ads led to websites posing as official installation guides but actually downloaded malware when users followed the instructions. We have also seen how the Claude Code leak quickly spread online, raising security concerns.

The recent Claude Code leak exemplifies how cybercrime can capitalize on emerging technologies. This creates significant security risks for developers and users unfamiliar with potential threats. Such malware can steal sensitive information from users’ systems, potentially causing serious consequences for individuals and organizations alike.

Implications for U.S. Developers and Users

AIny brief assessment: This incident highlights the critical need for heightened cybersecurity awareness among developers in the United States. Companies leveraging AI tools must enforce strict security measures to guard against these threats. It is also essential to verify sources carefully before downloading software, especially from unfamiliar websites.

Source: WIRED

⚡ Tool recommendation

Automate AI workflows without coding → Try free