Claude Code leak: IP protection or digital cover-up?

Since the accidental leak of more than half a million lines of code in late March, Anthropic has moved aggressively against the publication of the Claude Code source code. DMCA claims were filed with GitHub and others. However, these actions not only deleted approximately 100 repositories containing the leaked code but also over 8,100 legitimate repositories using Anthropic's official codebase.

Anthropic has since significantly walked back these actions and apologized to the developers of the accidentally deleted repositories. In light of initial code analysis results, the aggressive "deletion crew" appears less like a protection of copyright and more like an attempt to erase any digital footprints before they can be analyzed.

The Allegations

Emotional Surveillance (Sentiment Analysis)

As revealed by Scientific American, "Claude Code" contains mechanisms for "sentiment analysis." The tool specifically scans user prompts for signs of frustration (e.g., "this sucks," "so frustrating") and stores these prompts for later analysis.

Deliberate Deception (Identity Concealment)

Evidence has also been discovered suggesting that Claude contains functions designed to obscure the origin of generated code. When Claude Code works on public projects, internal codenames such as "Claude Code" are automatically removed to create the impression that the code was written entirely by a human.

Irresponsible Autonomy (The "YOLO" Protocol)

Under the name "YOLO" (You Only Live Once), there exists a mechanism for tool authorization (classifyYoloAction). Here, the line between an unpredictable agent and controlled software becomes blurred. Instead of using strict, rule-based controls, the AI itself decides whether an action may be performed without consulting the user. The risk assessment is carried out by the AI itself. A system whose security decisions are based on an "all-or-nothing" principle appears to contradict every standard of AI safety.

Extensive File Access Rights (Making Microsoft's Recall look harmless)

The surveillance is not limited to merely reading emotions. Analysis of the code structures reveals a far more profound and dangerous reality: Claude Code acts as a digital vacuum for the entire local working directory. As security researcher "Antlers" summarized in a statement to The Register: "People don't realize that every single file Claude looks at is uploaded to Anthropic. If the AI sees a file on your device, Anthropic possesses a copy." This is not a mere metric of system behavior; it is a complete mirroring of the local work environment into Anthropic’s cloud.

A Breach of Trust?

The various analyses of the Claude Code source code paint a picture that could be highly uncomfortable for Anthropic. CCleaks has provided an extensive analysis of Anthropic's various codes. Against this backdrop, Anthropic’s aggressive defense using DMCA notices looks like a cover-up attempt. Perhaps the primary goal is not the protection of intellectual property, but the maintenance of an illusion.

The technical reality suggests that Claude Code may not be a secure assistant, but rather software programmed to hide its identity, map our emotions, and store our private files as permanent "loot" in the cloud. The "Claude Code" leak could cause lasting damage to the trust in Anthropic. Security researcher Nicholas Carlini demonstrated the power of Claude Code. He succeeded in using Claude Code as a tool for a highly efficient attack that cracked the FreeBSD operating system in a record time of just four hours.