Anthropic faced a turbulent week with three separate incidents: an accidental leak of its unreleased Claude Mythos model via an unsecured data store, the exposure of 512,000 lines of Claude Code source code shipped in an npm package with a source map file, and a botched DMCA GitHub takedown that removed over 8,000 repositories beyond the intended targets. The exposed source code reveals Claude Code's permission-enforcement logic, hook-orchestration paths, and trust boundaries, creating potential attack vectors. Leaked documents also revealed Anthropic's internal concerns about its upcoming Capybara model's advanced cyber capabilities. Experts criticize Anthropic for prioritizing shipping velocity over governance and accountability, arguing that safety leadership must extend beyond model behavior to the entire release pipeline.

5m read time. From thenewstack.io