This AI company leaked its own code. It's also built something terrifying

Smashing Security | 50m | April 15, 2026

AI-Generated Summary

In this episode of Smashing Security, Graham Cluley welcomes special guest Tanya Janka to discuss two alarming cybersecurity incidents: Anthropic's accidental leak of the source code for its AI coding assistant, Claude Code CLI, and a hacker group's claimed breach of Venice's flood defence system.

The leak, caused by a packaging error that left debug mode and source map files exposed, has sparked global scrutiny as the code was quickly analyzed and distributed online, raising concerns about intellectual property theft and the potential for malicious actors to exploit vulnerabilities.

Meanwhile, the Infrastructure Destruction Squad's Telegram claims of persistent access to Venice's hydraulic pumps (offered for just $600) highlight the growing threat of operational technology (OT) attacks on critical infrastructure, where physical harm is a real possibility. Tanya warns that such breaches are not isolated incidents but symptoms of a broader failure to secure legacy systems and supply chains.

The episode also explores the terrifying potential of Anthropic's new AI model, Mythos, which can autonomously discover and chain together novel software vulnerabilities at unprecedented speed, posing a significant risk if it ever falls into the wrong hands. Despite the grim outlook, the hosts reflect on the irony that human error, not AI, is responsible for these failures, offering a small measure of comfort in an increasingly automated world.

Key Takeaways

1. Human error, not AI, caused Anthropic's code leak, highlighting the need for better process safeguards and default security configurations.

2. The exposure of AI model source code enables rapid exploitation and undermines the intellectual property of developers and companies.

3. Operational technology (OT) systems like Venice's flood defences are vulnerable to cyberattacks with real-world physical consequences.

4. AI models like Mythos can discover novel software vulnerabilities faster than humans, creating a dangerous dual-use risk if misused.

5. Organizations must implement strict supply chain security, including hardened CI/CD pipelines and mandatory ignore files to prevent accidental data spills.

Chapters
[0:00, 10 min] The Human Cost of Data Theft and the Rise of Developer Targeting

Graham opens with a personal story of having his data stolen from a government organization and sold for just $50 CAD, setting the tone for the episode’s focus on vulnerability and human fallibility. Tanya Janka introduces herself as a software developer turned application security expert and explains how hackers are increasingly targeting developers directly—through credential theft, crypto wallet raids, and supply chain compromises—to gain access to powerful CI/CD systems.

[10:00, 10 min] Decoding CI/CD: The Hidden Power of Automated Software Pipelines

Tanya breaks down the CI/CD pipeline in accessible terms, explaining how it automates code testing, deployment, and distribution across environments. She emphasizes that these systems are among the most powerful in an organization—capable of downloading, installing, and deploying code without human oversight—and warns that if compromised, they can silently release malicious code to millions of users.

[20:00, 10 min] Venice’s Flood Defences Under Cyber Threat: A $600 Hack?

They said, we are not here to destroy you. We are simply here to deliver a message. We can do it. And we are still inside your network.


[30:00, 10 min] The Anthropic Code Leak: A Self-Inflicted Data Spill

They spilled their intellectual property. And as a person who has made most of her income off of her intellectual property her whole life... that’s one thing. But the other thing is that then the internet got a hold of it and analyzed it for vulnerabilities and started writing exploits for it.


[40:00, 10 min] Mythos: The AI That Finds Vulnerabilities Faster Than Humans

It's absolutely completely terrifying. It's finding them so, so, so, so, so terribly fast.

High-Impact Quotes

"They spilled their intellectual property. And as a person who has made most of her income off of her intellectual property her whole life... that’s one thing. But the other thing is that then the internet got a hold of it and analyzed it for vulnerabilities and started writing exploits for it."
Tanya Janka, 28:20 (Viral: 90.0)

"It's absolutely completely terrifying. It's finding them so, so, so, so, so terribly fast."
Tanya Janka, 31:02 (Viral: 88.0)

"They said, we are not here to destroy you. We are simply here to deliver a message. We can do it. And we are still inside your network."
Tanya Janka, 14:55 (Viral: 85.0)

Speakers

Host: Graham Cluley
Guest: Tanya Janka

Topics Discussed

AI Security and Ethical Risks: 95%
AI-Powered Vulnerability Discovery: 92%
Operational Technology (OT) Security: 90%
Software Supply Chain Attacks: 88%
Human Error in Cybersecurity: 85%
Critical Infrastructure Protection: 82%
Developer Targeting and Social Engineering: 80%
Secure CI/CD Pipelines: 78%

People & Brands

Tanya Janka (person): 25x, Positive
Graham Cluley (person): 22x, Positive
Anthropic (organization): 18x, Negative
Claude Code CLI (product): 12x, Negative
Venice Flood Defences (other): 11x, Negative
Mythos (product): 10x, Negative
Infrastructure Destruction Squad (other): 8x, Negative
DevSec Station (media): 4x, Positive
Vanta (organization): 4x, Positive
CoreView (organization): 3x, Positive
