Friendly Fire! Anthropic Urgently Removes Leaked Source Code, Leading to Thousands of GitHub Repositories Being Unintentionally Affected

Recently, AI giant Anthropic triggered a widespread "collateral damage" incident while trying to remove leaked source code from GitHub, due to overzealous operations. The company admitted that during the process of requesting the removal of infringing code, an error caused thousands of unrelated legitimate code repositories to be mistakenly deleted.

This large-scale cleanup was triggered by a major incident last week, when Anthropic accidentally made the source code of its tool called Claude Code public. Although the official responded quickly, the code had already been widely copied and distributed, forcing the company to take strong legal measures to block it across the web.

Automated Scripts Gone Rogue, Legitimate Developers Suffer "Downgrade Attack"

During the cleanup, Anthropic used automated monitoring tools to identify and report repositories containing leaked code. However, these tools clearly failed to accurately distinguish between genuine infringing content and legitimate projects that merely referenced or discussed the incident, leading to many innocent developer accounts being caught in the crossfire.

Many affected developers expressed strong anger, believing that this "cutting before asking" cleanup approach was extremely irresponsible. Although Anthropic later issued a statement saying it was an accident and working to restore the mistakenly deleted projects, its brand reputation has suffered considerable damage within the open-source community.

Reflections on Security Vulnerabilities: A "Low-Level Mistake" by a Top AI Lab

The root cause of this chaos was a configuration error in Anthropic's internal build system. This error caused private TypeScript source code, which should have been protected, to be packaged into public npm packages, which industry experts consider an extremely serious low-level security mistake.

From the perspective of AIbase, this incident reveals the extreme anxiety of top AI companies when handling data assets. In the intense technological competition of 2026, code leaks are indeed fatal, but if protective measures evolve into indiscriminate attacks on the developer ecosystem, their side effects may be even more profound than the leak itself.