Anthropic Responds to Leak Concerns Over Claude Code Source Code

Anthropic PBC Addresses Internal Code Leak Behind AI-Powered Assistant Claude Code

Anthropic PBC is racing to address the inadvertent release of internal source code behind Claude Code, an AI-powered assistant that has become a key moneymaker for the company. Thousands of copies of the code were removed from GitHub following copyright takedown requests from Anthropic, according to a notice on the popular developer platform. However, the takedown impacted more GitHub repositories than intended and has since been significantly scaled back.

The artificial intelligence startup is also taking steps to tweak its internal systems to prevent a similar leak from happening again. This includes improving its automation process to minimize the risk of human error. According to a series of posts on X by Claude Code creator Boris Cherny, Anthropic's "deploy process has a few manual steps, and we didn't do one of the steps correctly." Cherny stated that the company has already "made a few improvements to the automation for next time," with plans for "a couple more on the way."

The accidental release marked Anthropic's second security slip-up in a matter of days. The leak compromised approximately 1,900 files and 512,000 lines of code related to Claude Code. This comes at a delicate moment for the company, as it is currently in a legal battle with the US government over the Pentagon's decision to declare it a supply-chain risk following a standoff over AI safety guardrails.

Read also: Google Pixel Watch Leak: Diver's Discovery Sparks Speculation

Anthropic has warned that the labeling could cost it billions in lost revenue. However, the company has seen significant user and revenue growth in recent months, in part thanks to traction from Claude Code – a tool that's meant to help streamline the process of writing and debugging software. The exposure of the code has sparked thousands of online posts, with some claiming they've uncovered yet-to-be-released features, including an always-on AI agent named Kairos and a system for tracking instances when users express frustration and use profanities.

In a statement, Anthropic confirmed the leak and stated that "no sensitive customer data or credentials were involved or exposed." The company added: "This was a release packaging issue caused by human error, not a security breach." The issue first came to light in a post on the social media platform X that purported to share a link to the code and garnered over 30 million views. Cybersecurity firm Tanium warned that the leak could give malicious actors "useful insight into internals, workflows and likely abuse paths" by studying the code to determine how the tool handles local files and what data it may access during normal operation.