- Anthropic accidentally published interpretable source code for Claude Code — including the proprietary “harness” of instructions and tools that make the AI operate as a coding agent — when updating the app on Tuesday
- By Wednesday the company had filed copyright takedown requests covering more than 8,000 GitHub copies, later narrowing to 96; developers are already using other AI tools to rewrite the code in new languages to keep it available
- The leaked code reveals commercially sensitive techniques including a “dreaming” memory consolidation feature, an instruction for Claude Code to go “undercover” and not reveal it is an AI when posting to GitHub, and a Tamagotchi-style pet called “Buddy”
- The leak doesn’t expose customer data or model weights, but gives competitors a detailed roadmap to clone Claude Code’s features — a significant blow as Anthropic prepares for a potential IPO at a $380 billion valuation
What Happened?
Anthropic accidentally exposed the underlying source code for Claude Code — its popular AI coding agent — when updating the product on Tuesday. A file posted to GitHub linked back to interpretable source code that outsiders could download and read. Within hours, an X user spotted the leak and it spread rapidly, with copies multiplying to more than 8,000 on GitHub. Anthropic responded with sweeping copyright takedown requests — initially targeting more than 8,000 accounts, later narrowed to 96 — and acknowledged the incident was “a release packaging issue caused by human error, not a security breach.” The company says it is rolling out measures to prevent a recurrence. The leak did not expose customer data or the mathematical weights of its AI models, but it did expose the proprietary system-level instructions and tooling — called a “harness” — that Anthropic uses to make its Claude AI behave effectively as a coding agent. Developers combing through the code have reported on features including a “dreaming” memory consolidation process, instructions for Claude Code to go undercover and not identify itself as an AI when posting to platforms like GitHub, and hints pointing to future product releases.
Why It Matters?
Claude Code has been a key competitive differentiator for Anthropic, winning significant traction with developers and enterprise customers. The harness — the prompt engineering, tools, and behavioral instructions that make Claude Code effective — represents intellectual property developed through extensive trial and error. It is, in many ways, the secret sauce that competitors would otherwise need months to reverse engineer. The leak now hands them a blueprint. Beyond competitive damage, it creates reputational risk: the instruction for Claude to go “undercover” and not identify itself as an AI cuts directly against Anthropic’s positioning as the safety-focused AI company. The exposure comes at a particularly sensitive moment — Anthropic has been valued at $380 billion in a recent funding round and is preparing for a potential IPO later this year, making this leak a hit to both its competitive moat and its public market narrative.
What’s Next?
Anthropic is unlikely to fully contain the spread. Developers are already using other AI tools to rewrite the leaked Claude Code functionality in different programming languages to circumvent future takedowns. Cybersecurity experts assess the damage as “embarrassing but not dangerous” — Claude Code is frequently rewritten and the leak will become obsolete; hackers could already reverse-engineer the code before it was exposed. The more lasting impact is competitive: rivals and startups now have a detailed roadmap to build similar coding agents without the years of iteration Anthropic invested. The incident is also likely to prompt broader scrutiny of AI companies’ software supply chain practices, particularly as OpenAI, Anthropic, and SpaceX each race toward IPOs in the second half of 2026.
Source: The Wall Street Journal
