Anthropic PBC正加速处理Claude Code内部原始码无意外外泄事件。依GitHub的DMCA通知,数千份副本被移除,后来因覆盖超过预期的储存库而被部分缩回。此次外泄涉及约1,900个档案与约512,000行程式码,且紧接在上周另一次事件之后:有数千份内部档案曾被放在可公开存取系统,包括未来模型代号为“Mythos”和“Capybara”的草稿贴文。这是Anthropic于短期内的第二次安全疏失。
Anthropic在X上的连续贴文中,Claude Code创建者Boris Cherny表示,发布流程有几个手动步骤,其中一个没有正确执行。公司称已先做了几项自动化改善,并计划再做更多。外泄始于一则疑似分享代码连结的X贴文,观看次数超过3,000万,随后有数千则网路贴文称已逐一检索代码。有些人声称发现尚未发布功能,例如主动接任务的常驻AI代理人Kairos,以及一个追踪使用者挫折与粗话表达的系统。Cherny表示大多数新构想未会发布,Kairos仍在考量中;但追踪系统属于用来判断体验品质的讯号之一。
Anthropic周二发表声明,确认外泄后表示未涉及敏感客户资料或凭证,这是由人为错误导致的发布封装问题,而非资安入侵。资安研究高阶主管Melissa Bischoping警示,外泄等于提供攻击者「内部运作蓝图」,可使逆向工程更容易,并可能找到绕过保护机制的方法。Anthropic同时在与美国政府就供应链风险标签诉讼中对峙,该标签若持续可能使公司损失数十亿美元;但公司也在Claude Code带动下呈现显著成长:截至2月,Claude Code的年化运转率收入已超过2.5亿美元($2.5 billion),支持其最快今年10月起步上市的传闻。
Anthropic PBC is rushing to address an inadvertent release of Claude Code internal source code. Thousands of copies were removed from GitHub under a DMCA notice, and the takedown was later scaled back after it was found to cover more repositories than intended. The leak exposed about 1,900 files and about 512,000 lines of code, and it followed a prior incident a week earlier in which thousands of internal files were reportedly placed on a publicly accessible system, including a draft post about a future model codenamed “Mythos” and “Capybara.” This was Anthropic’s second security slip within a short time window.
In posts on X, Anthropic Claude Code creator Boris Cherny said there are a few manual steps in the deploy process and one had not been done correctly. The company said it already made several automation improvements and planned additional fixes. The leak became public through an X post sharing a code link that drew more than 30 million views, followed by thousands of online posts claiming they had combed through the code. Some said they found unreleased features, including Kairos, an always-on AI agent that handles tasks proactively, and a system that tracks user frustration and profanity. Cherny said most new ideas are not released; Kairos remains under consideration, while the tracking system is used as one signal for assessing user experience quality. (Key numbers: 3,000)
In a Tuesday statement, Anthropic confirmed the leak but said it did not involve sensitive customer data or credentials and was caused by a human packaging error, not a breach. Security director Melissa Bischoping warned the exposure gives adversaries a blueprint, making reverse engineering easier and potentially enabling circumvention of protections. At the same time, Anthropic is contesting with the U.S. government over a supply-chain-risk designation, which could cost the company billions if it persists, while Anthropic is also seeing strong growth: as of February, Claude Code’s annualized run-rate revenue exceeded $2.5 billion, supporting expectations the company could go public as early as October.