(mods: I assume this is blowing up twitter and so discussing it here
won’t do additional damage — and there are already a thousand github
forks — but I am not actually on twitter, which is why I’m opening
discussion here. It’s possible I’m missing something. Feel free to nuke
this if so.)
For those that hadn’t heard yet, last night Anthropic appears to have
accidentally published a Claude Code update with extractable source code
in it. This seems important, but I’m not sure how much so, and I didn’t
see an existing discussion here.
My understanding — and hopefully someone will correct me if I’m wrong
— is that the actually dangerous part of Claude is the weights, and
those were not leaked. So the leak may be embarrassing, it may cost
Anthropic some competitive advantage, but it’s not dangerous.
It’s also my understanding that Anthropic has historically been
relatively leak-free, until a certain memo leaked a few weeks ago during
the DoW incident. Supposedly twice is still coincidence, not enemy
action, but it does feel like a questionable coincidence and I wonder if
the same person is responsible for both leaks. I don’t know enough about
npm packaging to guess how easy it would be to do by mistake. Alternate
hypotheses: Human error updating the build tools? AI-written build
scripts that somebody was a little too lax reviewing? That last seems
more than plausible, come to think of it.
The most questionable thing in the actual codebase I’ve heard mentioned
is a stubbed-out feature for “undercover mode” to suppress its
self-identification in commit messages (but all that says is that they
considered it at some point, maybe as a competitive concession to Codex
doing the same thing by default? Unclear). There’s been a few other
things too. I haven’t dug into the code myself so I don’t know how
seriously to take any of them.
I came here to see if there was any discussion of the situation, didn’t
see one, was disappointed, and decided to fix that. Soliciting
information from anyone who knows more than me.
[edit:] Takedown notices have gone out, unsurprisingly. At least some (well, at least one) appear to have misidentified forks of CC’s issue-tracker repo as forks of the offending leak. I don’t care enough to object to the one I received, but if anyone from Anthropic sees this, you may want to either debug something or notify github, depending on who’s IDing instances.
Discuss Read More
The Claude Code Source Leak
(mods: I assume this is blowing up twitter and so discussing it here
won’t do additional damage — and there are already a thousand github
forks — but I am not actually on twitter, which is why I’m opening
discussion here. It’s possible I’m missing something. Feel free to nuke
this if so.)
For those that hadn’t heard yet, last night Anthropic appears to have
accidentally published a Claude Code update with extractable source code
in it. This seems important, but I’m not sure how much so, and I didn’t
see an existing discussion here.
My understanding — and hopefully someone will correct me if I’m wrong
— is that the actually dangerous part of Claude is the weights, and
those were not leaked. So the leak may be embarrassing, it may cost
Anthropic some competitive advantage, but it’s not dangerous.
It’s also my understanding that Anthropic has historically been
relatively leak-free, until a certain memo leaked a few weeks ago during
the DoW incident. Supposedly twice is still coincidence, not enemy
action, but it does feel like a questionable coincidence and I wonder if
the same person is responsible for both leaks. I don’t know enough about
npm packaging to guess how easy it would be to do by mistake. Alternate
hypotheses: Human error updating the build tools? AI-written build
scripts that somebody was a little too lax reviewing? That last seems
more than plausible, come to think of it.
The most questionable thing in the actual codebase I’ve heard mentioned
is a stubbed-out feature for “undercover mode” to suppress its
self-identification in commit messages (but all that says is that they
considered it at some point, maybe as a competitive concession to Codex
doing the same thing by default? Unclear). There’s been a few other
things too. I haven’t dug into the code myself so I don’t know how
seriously to take any of them.
I came here to see if there was any discussion of the situation, didn’t
see one, was disappointed, and decided to fix that. Soliciting
information from anyone who knows more than me.
[edit:] Takedown notices have gone out, unsurprisingly. At least some (well, at least one) appear to have misidentified forks of CC’s issue-tracker repo as forks of the offending leak. I don’t care enough to object to the one I received, but if anyone from Anthropic sees this, you may want to either debug something or notify github, depending on who’s IDing instances.
Discuss Read More
Related Posts
AntiPaSTO: Self-Supervised Value Steering for Debugging Alignment
Published on January 13, 2026 12:55 PM GMTAntiPaSTO: Self-Supervised Value Steering for Debugging AlignmentDemo: Same…
Burying a Changeling into Foundation of Tower of Knowledge
Rhetorical Attack by Substitution and Buffer OverflowRecently, I've seen following rhetorical technique used in several…
Inoculation prompting: Instructing models to misbehave at train-time can improve run-time behavior
Published on October 8, 2025 10:02 PM GMTThis is a link post for two papers…