The Fatal Human Error: How One Manual Step Leaked Claude Code to the World

Yesterday’s hemorrhage of the Claude Code source code ignited a veritable jubilee within the developer community. Subsequently, however, Anthropic dispatched DMCA takedown notices compelling GitHub to obliterate over 8,100 repositories harboring the compromised code, citing profound copyright infringement.

Yet, regardless of the multitude of DMCA mandates dispatched, absolute eradication of the source code from the digital ether remains an impossibility. For the Claude Code architects, the current reality necessitates remedial action, namely scrutinizing the genesis of the breach. The catalyst for this exposure lay in the inadvertent inclusion of MAP files during the product’s packaging for the production environment. These artifacts harbored a colossal volume of unobfuscated data, thereby granting the developer collective an unprecedented vantage point into the intricate internal architecture of Claude Code.

Beyond the issuance of copyright mandates to purge the repositories, Anthropic has hitherto refrained from promulgating any official declaration. Nevertheless, Boris Cherny, a principal architect of Claude Code, issued a response upon X platform, acknowledging the breach as a consequence of human error.

Cherny articulated upon the social platform:

“It was human error. Our deploy process has a few manual steps, and we didn’t do one of the steps correctly. We have landed a few improvements and are digging in to add more sanity checks. Like with any other incident, the counter-intuitive answer is to solve the problem by finding ways to go faster, rather than introducing more process. In this case more automation & claude checking the results.”