TL;DR
- Overbroad Takedown: Anthropic’s DMCA filing against leaked Claude Code source code accidentally swept up approximately 8,100 GitHub repositories beyond the intended target.
- Root Cause: Anthropic accidentally uploaded Claude Code’s complete source code to NPM, exposing nearly 2,000 files and over 512,000 lines of code.
- Access Restored: Anthropic retracted the bulk of the notices, limiting enforcement to one repository and 96 forks, and GitHub restored access to all affected repositories.
- Pattern of Leaks: The incident marks Anthropic’s third code or data leak in under a year, raising concerns about operational maturity ahead of a planned IPO.
Anthropic accidentally took down approximately 8,100 GitHub repositories after filing an overbroad DMCA takedown notice targeting leaked Claude Code source code on March 31, 2026. Anthropic has since retracted the bulk of the notices, and GitHub restored access to the affected forks.
Now Anthropic’s third code leak in under a year, the incident compounds reputational risk as the company prepares for a public offering. Thousands of developers who had legitimately forked Anthropic’s own public Claude Code repository found their projects temporarily blocked without warning.
According to Anthropic, the targeted repository was part of a fork network connected to its own public Claude Code repo, causing the takedown to reach far more repositories than intended. Anthropic retracted notices for all but one repository and 96 forks containing the actual leaked code. Boris Cherny, Anthropic’s head of Claude Code, publicly confirmed the mass takedown was accidental.
This was not intentional, we’ve been working with GitHub to fix it. Should be better now.
— Boris Cherny (@bcherny) April 1, 2026
How the Source Code Leaked
On March 31, a software engineer discovered the Claude Code source code leak when Anthropic accidentally included its source files in a release update. Rather than publishing only the compiled version of Claude Code to NPM, Anthropic uploaded the complete source code, a release packaging error that exposed nearly 2,000 source code files and over 512,000 lines of code.
However, Anthropic described the incident as “a release packaging issue caused by human error, not a security breach,” with no customer data or credentials involved, according to Fortune. Leaking proprietary code through a packaging error and then compounding the damage with an overbroad legal filing points to a gap between Anthropic’s engineering velocity and its release management controls.
In its DMCA filing, Anthropic claimed the forks were infringing “to the same extent as the parent repository,” triggering the cascade to approximately 8,100 repos. While only one repository, github.com/nirholas/claude-code, was the intended target, its position within Claude Code’s broader fork network meant the notice swept up thousands of unrelated projects.
As a result, GitHub’s fork architecture, which links all downstream copies to a parent repo, allowed a single DMCA notice asserting blanket infringement to propagate across the entire tree. The outcome mirrors the Allumeria false DMCA episode of February 2026, where AI-powered copyright bots delisted an indie game from Steam before the claim was withdrawn.
Pattern of Leaks
Anthropic’s DMCA blunder caps a difficult stretch for the AI safety company. On March 27, Fortune reported on the Mythos leak, in which Anthropic had made nearly 3,000 internal files publicly available. Days later came the Claude Code source code exposure.
Moreover, an earlier Claude Code leak in February 2025 similarly exposed original code and internal system connections before Anthropic removed it. Anthropic also issued a DMCA takedown against a developer who had reverse-engineered Claude Code in April 2025, making the March 2026 filing its second IP enforcement action against the developer community in under a year.
Among the exposed materials was the agentic harness that instructs Claude how to use tools and enforce guardrails, covering approximately 500,000 lines of code across roughly 1,900 files. A security researcher noted the exposure could allow competitors to reverse-engineer Claude Code’s internal architecture and help developers build open-source alternatives. Furthermore, an analysis of the Claude Code source leak found anti-distillation traps embedded in the codebase.
Three leaks in twelve months erode the exclusivity that justifies premium pricing for enterprise AI tools. For Anthropic, which has invested heavily in differentiating its products through proprietary tooling, the competitive exposure compounds the reputational damage at a moment when the company needs to demonstrate operational maturity to investors.
Building on that pressure, Anthropic had initiated IPO talks late last year, and prospective investors will be looking for evidence that it has strengthened both its release pipeline and its IP enforcement review process. While GitHub has restored access to all affected repositories, developers who depend on Claude Code forks face lingering uncertainty about future enforcement actions.
