Anthropic’s code leak goes viral, sparks chaos with 8,000+ GitHub repos taken down

Anthropic has accidentally exposed a large portion of the source code behind its AI coding tool, Claude Code, in what has quickly become one of the company’s most significant data mishaps.

The issue began when a debug file was mistakenly included in a public npm package update, making internal code accessible online. Reports indicate that around 500,000 lines of code across roughly 1,900 files were exposed, offering an unusually detailed look at how the system works behind the scenes.

The leak spread rapidly after being shared on X, where a post linking to the code reportedly gained more than 21 million views within hours. Developers and AI enthusiasts quickly began examining the files and uploading copies to GitHub.

According to analysts, the exposed code belongs to what is described as Claude Code’s “agentic harness” — the layer that connects the underlying AI model to tools and controls how it operates. Security experts warned that such access could reveal deeper insights into internal systems, including APIs and architecture, potentially making it easier to bypass safety controls.

Roy Paz, a senior AI security researcher at LayerX Security, suggested the incident may have happened because the full source code was uploaded instead of a limited compiled version typically meant for release. Anthropic, however, said its normal safeguards were not bypassed.

The leak also appeared to confirm details about an upcoming model internally referred to as “Capybara,” with hints that multiple versions — including faster and slower variants — could be in development.

As the code spread online, Anthropic moved to contain the situation by issuing takedown requests to GitHub under US copyright law. However, the response created further problems. Around 8,100 repositories were taken down, including legitimate forks of Anthropic’s own public code, prompting backlash from developers who suddenly lost access to their projects.

The company later acknowledged the mistake. Boris Cherny, head of Claude Code, said the takedown had unintentionally affected a much wider network of repositories connected to its original codebase. Anthropic reversed most of the removals, limiting action to one repository and 96 related forks, while GitHub restored access to the rest.

This marks the second such incident for Anthropic in a short period. Earlier reports revealed that nearly 3,000 internal files had been left publicly accessible due to a configuration error, including a draft blog post about the same upcoming model.

Claude Code is one of Anthropic’s most important commercial products, with annualised revenue reportedly exceeding $2.5 billion as of February. The tool competes with offerings from major players like OpenAI, Google, and xAI.

The latest leak, along with the messy cleanup that followed, raises fresh concerns about internal controls at the company — especially as it is reportedly preparing for a potential IPO, where operational reliability and data security come under greater scrutiny.