DevTools Radio

Anthropic’s rough week: leaked models, exposed source code, and a botched GitHub takedown

April 6, 2026 4:07 Episode 0

Host A: Welcome back to DevTools Radio, I'm your host, and today we are diving into what has genuinely been one of the messiest weeks in recent AI company history — and the company in question is Anthropic.

Host B: Yeah, and look, Anthropic is supposed to be the *careful* one. The "responsible AI" company. So this is particularly eyebrow-raising.

Host A: Right, so let's walk through it. First, a security researcher named Chaofan Shou discovered that Anthropic had shipped version 2.1.88 of Claude Code with a 59.8 megabyte source map file bundled right into the npm package — essentially handing anyone who downloaded it a full view of the codebase. We're talking 512,000 lines of code.

Host B: That's not a leak, that's more like... leaving your diary on the front porch. And this wasn't some obscure internal tool — Claude Code is a product developers are actively using. So who knows how many people quietly grabbed that package and took a very long look inside?

Host A: And it gets worse. Less than a week later, an unsecured, publicly accessible data store was found containing details about two unannounced Anthropic models — one called Claude Mythos, described internally as their most capable model to date, and another tier called Capybara, which they say is more powerful than their existing Opus models.

Host B: Capybara. They named their most powerful AI model after a giant rodent. I love this industry. But okay, setting the branding aside — what does it actually mean that this architecture is now public?

Host A: It's significant. Experts are pointing out that the leaked source exposes Claude Code's exact permission enforcement logic, its hook orchestration paths, and the trust boundaries it uses to decide when to execute code. So essentially, bad actors now have a roadmap for bypassing safeguards.

Host B: And from what I understand, Anthropic's own internal documents — also exposed — acknowledge that Capybara is, quote, "currently far ahead of any other AI model in cyber capabilities." They literally warned that if bad actors got hold of these capabilities, it could trigger a wave of exploits that outpace defenders.

Host A: Which makes the timing of all this especially uncomfortable. Then, to top it off, Anthropic tried to do the right thing legally — they filed a DMCA takedown with GitHub to remove repositories containing the leaked code. Reasonable move, right?

Host B: Sure, except the takedown ended up hitting over 8,000 repositories. Eight thousand. Most of which presumably had nothing to do with any leaked Anthropic code. And their response was essentially, "oops, that was an accident."

Host A: Zahra Timsah, co-founder and CEO of i-GENTIC AI and a contributor to AI governance at the World Economic Forum, put it really well. She said Anthropic built its entire positioning on being the responsible actor — and that positioning just took a hit. Her exact quote was, "You do not get to claim safety leadership if it only applies to the model layer."

Host B: That's a line that should be printed on a poster in every AI company's infrastructure team's office, honestly. And it points to something bigger — this isn't just an Anthropic problem. The whole industry is in this sprint to ship, and accountability is getting retrofitted after the fact.

Host A: Exactly. Shayne Adler from Aetos Data Consulting said building trust in AI depends as much on governance and change control as it does on model performance. The model can be brilliant — but if your release pipeline is leaking like a sieve, that matters just as much.

Host B: It's that old "move fast and break things" mentality colliding head-on with an industry where the things you break could have some pretty serious consequences.

Host A: Well said. Anthropic has since retracted the broader GitHub takedown and pulled public access to the data store, but as the saying goes — you can't un-ring a bell. The code is out there, the model details are public knowledge, and the conversation about what responsible AI development actually looks like in practice is very much open.

Host B: And that conversation is one we'll keep having right here. Thanks for tuning in to DevTools Radio, everyone — stay curious, stay secure, and maybe double-check your npm packages before you ship.

Host A: Always read the fine print — and the source maps. We'll see you next time.
