Anthropic Code Leak

Anthropic spent the past week proving that the hard part of selling AI tools is no longer just the model. It is the software wrapped around the model, the billing rules under it, and the trust that holds the whole stack together. The first crack came on March 31, when Anthropic accidentally published internal source code for Claude Code, its coding agent for developers. The leak was not the result of an outside intrusion. Anthropic said a release packaging mistake pushed internal code into a public npm package, and that no customer data or credentials were exposed. But the distinction only goes so far. The company still let outsiders reconstruct roughly 512,000 lines of TypeScript spread across about 1,900 files. That is not a sliver. That is the playbook. The mechanism was almost embarrassingly ordinary. A source map file, meant for debugging, shipped with Claude Code version 2.1.88. Anyone who grabbed the package could use that file to recover the underlying TypeScript. Within hours, the code was being mirrored and picked apart across the developer internet. Anthropic removed the bad release and said it was putting safeguards in place. By then, the useful part of the leak had already happened. What leaked matters because Claude Code is not just a chatbot with a terminal window. It is an agent system. Reports based on the exposed code describe orchestration layers for tool use, API calling, sub-agents, IDE connections, and background task machinery. In other words, the code showed how Anthropic is trying to turn a large language model into a worker that can keep state, call tools, and act with some autonomy. That is exactly the layer many companies now treat as proprietary advantage. That made the timing worse. Just days later, on April 4 at 12 p.m. Pacific, Anthropic cut off the ability to use Claude subscriptions through third-party agent frameworks such as OpenClaw. Users can still run Claude models there, but not on the flat-rate Claude Pro or Max plans that had made the setup attractive. To keep going, they now need pay-as-you-go usage or a direct API key. Anthropic’s explanation was blunt. Boris Cherny, who leads Claude Code, said subscriptions “weren’t built for the usage patterns of these third-party tools” and that the company is prioritizing customers using its own products and API. That is corporate language, but the meaning is simple. Agent frameworks were burning through too much capacity under consumer-style pricing, and Anthropic decided the subsidy had to end. The company tried to soften the blow with transition credits and discounted usage bundles. That helps with the first bill. It does not change the structure. Teams that built workflows around bundled access now have to meter every automated action. For software that is supposed to feel like a tireless assistant, that is a very different product. Put the two events together and the picture gets clearer. Anthropic accidentally exposed the internals of its agent software, then tightened control over how customers can use that software outside its preferred channels. One mistake revealed how much value sits in the orchestration layer above the model. The next move showed the company intends to charge for that layer much more carefully than before. That is the real story here. AI companies like to talk as if the model is the product. This week was a reminder that the product is also the glue code, the packaging pipeline, the access policy, and the meter. Anthropic lost control of one of those pieces in a 59.8 MB source map file, then reasserted control through billing.