Jitterbit iPaaS
Jitterbit API Manager
Jitterbit App Builder
Jitterbit EDI
Marketplace
Management Console
Cloud Datastore
Message Queue
Jitterbit AI
By Amber Wolff, Content Manager
Enterprise security is often framed as an arms race between threat actors and cybersecurity professionals. But it’s also a foot race, between major technological advancements and the means we have defending against any new risks these new technologies present.
Jitterbit CEO Bill Conner spent decades heading efforts to secure enterprise networks around the globe, and he’s seen this cycle play out several times in his career. One of his top priorities when coming to Jitterbit was ensuring that all the company’s solutions were built with security at the core, and that Jitterbit AI innovations were more secure, governable, transparent and accountable.
But as we’ve seen in the aftermath of this week’s Claude leak, many organizations that took a “deploy first and ask questions later” approach to AI are beginning to wake up to the dangers of approaching security as an afterthought.
Conner recently joined Jitterbit CTO Manoj Chaudhary and CMO Geoff Blaine to discuss the leak and the larger issues it raises for enterprise security. You can watch the full jTalk video below:
Understanding the Claude Source-Code Leak
On March 31, 2026, Anthropic, developer of the popular Claude LLM, issued an update that mistakenly included a Javascript source map, an internal use file. This file pointed to an archive on the company’s internal content management system — and due to a misconfiguration, at least half a million lines of proprietary source code for the AI-powered coding assistant, Claude Code, were made publicly accessible.
Containing what the Wall Street Journal called “commercially sensitive information,” the trove included the code running on Anthropic developer machines that detail how the agentic coding ecosystem runs, including tools and instructions for getting their AI models to act as coding agents.
Within 24 hours, the link had been shared on X and viewed nearly 30 million times. It was mirrored countless times on Github and elsewhere, popping up more quickly than Anthropic could issue DMCA requests to take them down.
Foreseeing this outcome, a developer set to work rewriting the TypeScript code, creating a similar but distinct version in the Python coding language in an effort to avoid legal repercussions.
This new repository, dubbed “claw-code,” became the most rapidly growing repository in GitHub history, easily soaring past Anthropic’s original Claude Code repository. And it might be here to stay, as it’s unclear exactly what recourse Anthropic might have.
Based on Anthropic’s own statements, 90% of Claude Code is AI-generated — and AI-generated materials aren’t subject to the same protections as those created by humans. What’s more, mirrors have popped up across the globe, in places where it would be much more difficult to enforce a U.S.-based copyright law.
What This Means for Businesses
In the 2026 Jitterbit AI Automation Benchmark Report, we found that more than half of respondents were using AI for coding. For companies shipping AI-created production code, the intellectual property implications here are obvious.
But the security implications are even more ominous.
While not the result of a security breach itself, the leak is already indirectly contributing to an unknown number of breaches at other companies. According to ZScaler, “Threat actors can, and already are, seeding trojanized versions [of the leaked code] with backdoors, data exfiltrators or cryptominers.Unsuspecting users cloning ‘official-looking’ forks risk immediate compromise.”
Coverage from ThreatLabz goes on to suggest these malicious repositories are appearing on GitHub, and are also showing up in Google results.
To make matters worse, one rewritten version of the Claude code boasts that it has removed all guardrails and telemetry, potentially making it easier to use LLMs to craft malicious code or find vulnerabilities.
While Anthropic was quick to explain that the leak was a result of human error, that raises more questions than it settles — namely about the operating practices of companies like Anthropic as a whole. Security experts were quick to point out that this was actually the second Anthropic data leak in recent weeks, and could suggest bigger internal security issues within the company.
Anthropic was built on constitutional AI and extreme caution — but as Jitterbit CTO Manoj Chaudhary pointed out, “It was tripped up by .3 megabytes of source map file.” Chaudhary went on to say the incident should prompt companies to make sure that they’re widening their security focus to overall safety, like operations security, to avoid a similar outcome.
The Importance of Layered Security & AI Accountability
Chaudhary suggests that a layered security approach is critical to avoiding risks from incidents like this. As he pointed out, the leak exposed a feature that could be capable of bypassing some security measures — necessitating a stronger security framework to protect sensitive data and maintain operational integrity now that this feature could be in the hands of bad actors.
Conner agreed, stating that the shift from one-off pilot deployments to end-to-end agentic operations highlights the necessity of tracking coding and algorithms effectively. He recommended new governance frameworks that align with existing security standards, such as SOC compliance, and clearly define responsibilities and accountabilities related to AI systems.
As AI systems evolve, Conner said, companies need to adopt practices that allow them to monitor and analyze AI behavior effectively, understanding the decision making processes of AI systems and ensuring that there is transparency in how data is used. AI systems should regularly be assessed for vulnerabilities and to ensure continued compliance.
The Claude source-code leak serves as a critical reminder of the vulnerabilities present in AI systems and the importance of establishing trust and security in AI applications. As enterprises continue to navigate the complexities of AI deployment, prioritizing layered security, governance and observability will be essential for ensuring responsible AI practices.
By adopting these strategies, organizations can build a more secure foundation for their AI initiatives and avoid the reputational and operational fallout from an event like this.
