Anthropic, an artificial intelligence company, recently experienced an accidental leak of source code for its Claude Code command-line application. This was followed by the company issuing a digital copyright takedown notice to GitHub, which temporarily removed approximately 8,100 code repositories. Anthropic subsequently retracted the majority of these notices, confirming the widespread takedown was unintended and restoring access to most affected repositories.
Anthropic's recent source code leak led to a temporary GitHub takedown of approximately 8,100 repositories, a move the company later confirmed was largely unintended.
Incident Details: Source Code Leak
The incident originated with the Claude Code 2.1.88 update, which inadvertently included a package containing a source map file with its TypeScript codebase. This resulted in the exposure of over 512,000 lines of code, offering insights into the AI-powered coding tool's internal structure.
On Tuesday, a software engineer discovered the inadvertently released source code. Following its discovery, the code was subsequently shared on GitHub, with users creating a repository that accumulated over 50,000 forks.
Christopher Nulty, an Anthropic spokesperson, clarified that the incident was a "release packaging issue caused by human error," not a security breach. Nulty confirmed that no sensitive customer data or credentials were involved or exposed, and the company is implementing measures to prevent future occurrences.
The leak was a "release packaging issue caused by human error," not a security breach, with no sensitive customer data exposed.
GitHub Takedown and Initial Scope
In response to the spread of the leaked code, Anthropic issued a takedown notice under U.S. digital copyright law. GitHub executed this notice, affecting approximately 8,100 repositories. These included not only copies of the inadvertently released source code but also legitimate forks of Anthropic's own publicly available Claude Code repository.
The initial GitHub takedown, based on Anthropic's notice, affected around 8,100 repositories, encompassing both leaked code and legitimate public forks.
Rectification and Company Statements
Boris Cherny, Anthropic's head of Claude Code, stated that the mass takedown was accidental. An Anthropic spokesperson explained that the initial notice encompassed more repositories than intended because the repository specified in the notice was part of a broader fork network connected to their public Claude Code repository.
The company subsequently retracted the majority of these notices. The scope of the takedown was narrowed to one specific repository and 96 associated forks that contained the originally released source code. GitHub has since restored access to the affected repositories from which the notice was retracted.
Anthropic's head of Claude Code confirmed the mass takedown was accidental, leading to the retraction of most notices and the restoration of access to affected repositories.
Context and Expert Commentary
The incident occurred as Anthropic reportedly prepares for an Initial Public Offering (IPO).
Claude Code, which was launched by Anthropic in February 2025, gained attention after the integration of agentic capabilities, allowing the tool to perform tasks for users.
Arun Chandrasekaran, an AI analyst at Gartner, commented that while the leak presents "risks such as providing bad actors with possible outlets to bypass guardrails," its long-term impact might be limited. Chandrasekaran suggested the event could serve as a "call for action for Anthropic to invest more in processes and tools for better operational maturity."
An AI analyst suggests that while the leak poses risks, its long-term impact might be limited, serving as a "call for action for Anthropic to invest more in processes and tools for better operational maturity."