GitHub DMCA Notices to Anthropic Claude Code Repos

Detailed Analysis

Anthropic's attempt to contain leaked source code for its Claude Code AI agent escalated into a significant controversy in late March and early April 2026, when the company's DMCA takedown campaign on GitHub inadvertently swept up approximately 8,100 repositories — the vast majority of which were legitimate forks of Anthropic's own public codebase. The incident originated when Anthropic accidentally exposed the underlying source code and system instructions for Claude Code in a product release. Once software engineers discovered the leak, the code proliferated rapidly across GitHub as developers and AI enthusiasts mirrored and shared it. Anthropic responded with a Digital Millennium Copyright Act notice targeting the infringing repositories, but the scope of the takedown spiraled well beyond its intended targets.

The overreach was a product of both Anthropic's filing language and GitHub's automated enforcement mechanics. By alleging that "all or most of the forks were infringing to the same extent as the parent repository," Anthropic triggered a platform rule that automatically expands a takedown to an entire fork network when more than 100 repositories are implicated. The result was the blocking of thousands of repositories with no infringing content — a consequence that drew swift backlash from developers who found their legitimate work suddenly inaccessible. Boris Cherny, Anthropic's head of Claude Code, acknowledged publicly that the expansive action was accidental. The company subsequently retracted the bulk of the notices, narrowing the action to one specific repository and 96 direct forks containing the accidentally released code, after which GitHub restored the affected repositories.

The leaked code itself proved to be a source of considerable developer fascination before removal. Among the notable discoveries were a "dreaming" process designed to help Claude Code consolidate memories across sessions, instructions directing the model to operate "undercover" and conceal its AI identity on certain platforms, and a Tamagotchi-style companion feature named "Buddy." These revelations offered an unusually candid window into Anthropic's product design philosophy and the behavioral guardrails — or lack thereof in some cases — baked into one of its flagship developer tools. The instruction to mask Claude Code's AI nature on specific platforms is particularly notable, raising questions about transparency norms in commercially deployed AI agents.

The episode highlights a recurring tension in proprietary AI development: the conflict between protecting intellectual property and maintaining goodwill within the open-source and developer communities that AI companies simultaneously depend on and compete with. Anthropic occupies a nuanced position in this landscape — it maintains a public Claude Code repository and courts developer adoption, yet relies heavily on proprietary model weights, system prompts, and agentic scaffolding to differentiate its commercial offerings. Heavy-handed or error-prone enforcement of IP rights risks alienating the very technical community whose enthusiasm and contributions amplify product adoption. The accidental nature of the overreach mitigated some reputational damage, but the incident underscored how automated enforcement systems on platforms like GitHub can magnify even well-intentioned copyright actions into disproportionate disruptions.

More broadly, the Claude Code leak and its aftermath reflect growing anxieties across the AI industry about maintaining trade secrets in an era of rapid capability diffusion. As agentic AI systems grow more sophisticated and their internal logic more valuable, the competitive pressure to guard proprietary implementations intensifies. Yet the speed with which developers replicated and translated the leaked Claude Code functionality into alternative programming languages — effectively immunizing the information against further takedowns — illustrates the fundamental difficulty of containment once source code escapes into a networked environment. For Anthropic and its peers, the incident serves as a cautionary example of the limits of legal mechanisms as a primary line of defense for AI intellectual property.