• Anthropic leaked portions of Claude Code’s internal source code, per CNBC

  • Claude Code hit $2.5B revenue run-rate by February 2026, marking explosive enterprise adoption

  • The breach exposes proprietary AI techniques at a critical moment in the coding assistant wars

  • Security incident could accelerate competitive development as rivals analyze exposed code

Anthropic accidentally exposed portions of Claude Code’s internal source code in what appears to be a significant security incident, according to CNBC. The leak comes as the AI coding assistant has reached a $2.5 billion annual revenue run-rate as of February, underscoring how the breach affects one of the fastest-growing products in enterprise AI. The incident raises immediate questions about code security practices at major AI labs and what proprietary techniques may now be exposed.

Anthropic is dealing with a major security breach after accidentally exposing internal source code from Claude Code, its enterprise AI coding assistant that’s been quietly dominating developer workflows. The leak was first reported by CNBC late Tuesday, though the full scope of what was exposed remains unclear.

What we do know is the timing couldn’t be worse. Claude Code has been on an absolute tear, reaching a $2.5 billion annual revenue run-rate as of February, according to the report. That’s remarkable growth for a product that’s been battling against GitHub Copilot, Amazon CodeWhisperer, and a flood of open-source alternatives. The numbers suggest Claude Code grabbed serious enterprise market share fast.

The leak puts Anthropic in an uncomfortable position. Unlike consumer AI products where the model itself is the secret sauce, coding assistants live or die by their implementation details – how they handle context windows, parse existing codebases, suggest completions, and integrate with developer tools. If substantial portions of that code are now public, competitors get a roadmap to Anthropic’s engineering decisions.

It’s not clear how the exposure happened. Was it a misconfigured repository? An internal tool that got pushed to a public endpoint? Anthropic hasn’t released a statement yet, and the company didn’t immediately respond to requests for comment. The silence is notable given how quickly AI companies usually move to control the narrative around security incidents.