Claude Code Source Leak Exploited to Spread Credential-Stealing Malware

The event involves an AI system (Claude Code) whose source code was leaked due to a packaging error. Hackers weaponized this leak to spread malware via fake repositories impersonating the AI codebase. The malware steals credentials and proxies network traffic, causing harm to developers and organizations. This constitutes an AI Incident because the AI system's development and its leaked code directly facilitated the malicious campaign leading to realized harm (credential theft and network compromise).

The event involves an AI system (Claude Code) whose leaked source code is being used maliciously to distribute malware, causing direct harm to users by stealing sensitive information and compromising devices. The presence of the AI system is explicit, and the harm is realized through the malware infections resulting from the malicious repositories. The article also references prior security vulnerabilities in the AI system, reinforcing the connection between the AI system's development/use and harm. Hence, this is an AI Incident due to direct harm caused by malicious use of the AI system's leaked code.

The leaked AI system source code (Claude Code) is explicitly mentioned and is central to the incident. The leak indirectly led to harm through the malware campaign that exploits the leak to trick users into downloading malicious files. The malware causes harm to property (computers) and individuals (credential theft), fitting the definition of an AI Incident where the AI system's development/use/malfunction leads indirectly to harm. The event is not merely a potential risk but describes active harm occurring via the malware campaign. Therefore, this qualifies as an AI Incident.

The leaked Claude Code is an AI system's source code. The leak led to widespread distribution and malicious actors exploiting it to distribute malware that steals sensitive data and enables remote access. This directly harms users who download the malicious files, fulfilling the criteria for an AI Incident due to realized harm caused by misuse of the AI system's leaked code. The event is not merely a potential hazard or complementary information but a concrete incident involving harm linked to the AI system.

The event involves an AI system (Claude) whose leaked source code is being used maliciously to distribute malware that causes direct harm to users by stealing sensitive data and compromising their devices. The harm is realized, not just potential, and the AI system's development and accidental leak are pivotal in enabling this harm. Hence, this is an AI Incident rather than a hazard or complementary information.

The event involves an AI system (Claude Code) whose accidental source code leak was exploited by attackers to distribute malware, causing direct harm to users by stealing credentials and compromising security. The involvement of the AI system's leaked code in enabling this attack and the realized harm to individuals and the community meet the criteria for an AI Incident. The event is not merely a potential risk or a complementary update but a concrete incident with direct harm linked to the AI system's development and use context.

The event describes a malicious campaign leveraging the purported leak of an AI system's source code to distribute malware. The AI system (Claude Code) is involved only as the lure or context for the attack, not as a cause of harm through its own operation or malfunction. The harm arises from the malicious use of the leaked code to distribute credential-stealing malware. This fits the definition of an AI Hazard because the development or leak of the AI system's code is plausibly leading to harm via malicious exploitation, but the AI system itself is not directly causing the harm. However, since harm (credential theft) is already occurring due to the malware distributed under the guise of the AI code, and the AI system's leaked code is pivotal in enabling this harm, this qualifies as an AI Incident. The AI system's involvement is indirect but pivotal in the chain of events leading to harm.

The event involves an AI system (Claude Code) whose source code leak has been exploited by malicious actors to spread malware causing harm to individuals (developers) and organizations through credential theft and device compromise. The AI system's development (source code leak) and subsequent malicious use have directly led to realized harm, fulfilling the criteria for an AI Incident. The harm includes violations of security and privacy, which fall under harm to persons and communities. Therefore, this event qualifies as an AI Incident rather than a hazard or complementary information.

The event involves an AI system (Claude) whose leaked source code is being used as a vector to distribute malware. The malware's use has directly led to harm by stealing credentials and enabling unauthorized access to cloud infrastructure, which is a violation of security and potentially intellectual property rights. The involvement of the AI system's leaked code is pivotal to the incident, as it exploits the AI community's interest in the code to spread malware. This meets the criteria for an AI Incident because the development and use of the AI system (its leaked code) has indirectly led to harm (credential theft, infrastructure compromise).

The leaked AI-related code (Claude Code) is an AI system component, and its unauthorized distribution and weaponization by attackers have directly caused harm through malware infections and data theft. This fits the definition of an AI Incident because the AI system's development and use have directly led to harm to persons and enterprises. The event is not merely a potential risk or a complementary update but describes realized harm from malicious use of AI system code.

The article explicitly involves an AI system (Mythos) used for cybersecurity vulnerability detection, which is a clear AI application. The AI system is in active use by partners to identify and mitigate security risks, thus contributing positively to preventing harm. There is no report of any harm caused by the AI system or its malfunction. The concerns about potential misuse are noted but remain hypothetical and do not describe an imminent or realized hazard. The main focus is on the release, capabilities, partnerships, and governance discussions around the AI system, which aligns with Complementary Information rather than an Incident or Hazard. Therefore, the event does not meet the criteria for AI Incident or AI Hazard but provides important context and updates on AI deployment and governance.

The article does not describe any actual harm or incident caused by AI systems, nor does it report a specific event where AI malfunctioned or was misused leading to harm. Instead, it provides a research-based assessment of potential future impacts of AI on employment, which is a plausible risk but not an incident or hazard in itself. Therefore, it fits best as Complementary Information, providing context and understanding about AI's societal implications without reporting a concrete AI Incident or AI Hazard.

The event involves an AI system (Claude Code) whose leaked source code was exploited to spread malware. The harm includes theft of sensitive data and misuse of infected devices, which are direct harms to persons and communities. The AI system's development and subsequent leak indirectly caused these harms. The malicious use of the AI system's leaked code to distribute malware fits the definition of an AI Incident, as the AI system's malfunction or misuse led to injury or harm to people and communities.

The article explicitly mentions an AI system (Mythos) with advanced capabilities that could be exploited by threat actors to accelerate cyberattacks, indicating a plausible risk of harm to critical infrastructure or digital security. The leak of the model's internal documents increases the likelihood of such misuse. Since no actual harm has been reported yet but the risk is credible and significant, this event qualifies as an AI Hazard rather than an AI Incident. The discussion of market impact and industry trends supports the seriousness of the hazard but does not indicate realized harm.

Claude Mythos is an AI system explicitly described as capable of finding and exploiting security vulnerabilities at an unprecedented scale. Although the article does not report any realized harm or incidents caused by this AI, it highlights the credible risk of misuse leading to large-scale cyberattacks, which would disrupt critical infrastructure and harm communities. The proactive mitigation efforts by Anthropic and partners further indicate awareness of this plausible threat. Since no actual harm has yet occurred but the risk is credible and significant, the event fits the definition of an AI Hazard rather than an AI Incident or Complementary Information.

The event involves the use of an AI system to detect cybersecurity vulnerabilities that, if exploited, could lead to significant harm such as disruption of critical infrastructure (harm category b). Although no actual harm has yet occurred, the AI system's use is intended to prevent such incidents. Therefore, the event describes a credible and plausible risk scenario where AI is central to identifying and mitigating potential cyber threats. This fits the definition of an AI Hazard, as the AI system's development and use could plausibly lead to preventing or, if misused or if vulnerabilities remain, causing an AI Incident. The article does not report any realized harm yet, so it is not an AI Incident. It is more than complementary information because it focuses on the AI system's role in addressing a credible cybersecurity threat rather than just providing updates or responses to past incidents.

The article describes a legal and political dispute over the use of an AI system in military projects, with the US government labeling Anthropic as a supply chain risk and banning its AI from Pentagon contracts. While the AI system is involved and the context is military and security-sensitive, there is no indication that the AI system has caused any harm, malfunction, or incident. The event is about governance, legal rulings, and control over AI technology, which fits the definition of Complementary Information. It does not meet the criteria for an AI Incident (no harm occurred) or AI Hazard (no plausible future harm is described beyond existing concerns).

The event involves an AI system (Anthropic's Claude Mythos) whose development and potential capabilities have caused market fears and economic impacts. However, no realized harm or incident resulting from the AI system's use or malfunction is described. The concerns are about plausible future impacts on the software industry and cybersecurity, but no direct or indirect harm has occurred yet. Therefore, this event is best classified as an AI Hazard, reflecting the credible risk posed by the AI system's capabilities and potential future impacts on the industry and market.

The event involves the use of an AI system (Claude Mythos) in cybersecurity to prevent AI-based cyberattacks, which could plausibly lead to harms such as disruption of critical infrastructure or economic damage if successful attacks occur. Since the article discusses the initiative as a preventive measure and no actual harm or incident has occurred, this qualifies as an AI Hazard. It highlights a credible risk of AI-enabled cyberattacks and the use of AI to counteract them, but no realized harm is described.

The article discusses the potential use of Anthropic's AI system Claude in military contexts and the US Department of Defense's designation of Anthropic as a supply chain risk, leading to a government ban on its military use. Elon Musk's support for this ban and the company's legal challenge highlight the controversy and risk associated with AI in warfare. Although no actual harm has been reported, the plausible future harm from AI-enabled military applications, such as autonomous weapons or surveillance, fits the definition of an AI Hazard. The event does not describe realized harm or incident but focuses on the credible risk and governance responses, making it an AI Hazard rather than an Incident or Complementary Information.

The AI system "Mythos" is explicitly mentioned and is described as having the capability to exploit security vulnerabilities, which could plausibly lead to disruption of critical infrastructure (the banking sector's digital systems). No actual harm has yet occurred, but the credible risk of future harm is the focus. Therefore, this event qualifies as an AI Hazard because it involves the use and potential misuse of an AI system that could plausibly lead to significant harm, but no incident has yet materialized.

The article focuses on the deployment of an AI system designed to prevent cybersecurity incidents by detecting vulnerabilities. The AI system's use is intended to reduce harm rather than cause it, and no actual harm or incident is reported. The event is about a collaborative effort and technological advancement to address AI-related security challenges, fitting the definition of Complementary Information. It does not describe an AI Incident or AI Hazard because no harm or plausible future harm from the AI system itself is described; instead, it is a positive application of AI to mitigate risks.

The article explicitly mentions the use of an AI system (Mythos Preview) developed to detect software vulnerabilities, which is a clear AI system involvement. The AI system is being used to prevent potential harm related to cybersecurity breaches, which could lead to significant harm to users, property, and communities if exploited. Since the AI system is actively used to detect and mitigate vulnerabilities, and the article does not report any realized harm but rather the deployment of AI to prevent harm, this event qualifies as Complementary Information. It provides context on societal and technical responses to AI for cybersecurity enhancement rather than reporting an incident or hazard.

The article explicitly mentions an AI system (Anthropic's Mythos model) with advanced capabilities to find and exploit cybersecurity weaknesses. The involvement is in the use and potential misuse of this AI system. No direct harm has occurred yet, but the warnings from government officials and the banking sector indicate a credible risk of future cyberattacks that could disrupt critical infrastructure (banks). This fits the definition of an AI Hazard, as the AI system's development and potential use could plausibly lead to an AI Incident involving harm to critical infrastructure. The article focuses on the risk and preventive discussions rather than reporting an actual incident.

The article explicitly involves an AI system (Anthropic's Mythos model) and discusses concerns about cybersecurity vulnerabilities that could affect critical financial infrastructure. Although no actual harm or incident is reported, the warnings and proactive briefings indicate a credible risk that the AI system could plausibly lead to disruption or harm if exploited. Therefore, this event fits the definition of an AI Hazard, as it concerns plausible future harm from the AI system's use or misuse, but no realized harm is described.

The article explicitly involves an AI system (Anthropic's Mythos) with advanced capabilities that could be used maliciously to exploit cybersecurity vulnerabilities. The concern is about potential future harm to critical infrastructure (the financial system) through cyberattacks enabled by this AI. No actual incident or harm has occurred yet, but the regulators' urgent response and the described capabilities establish a plausible risk of harm. Therefore, this event fits the definition of an AI Hazard rather than an AI Incident or Complementary Information.

The article explicitly mentions an AI system (Anthropic's Mythos) and discusses concerns about its potential to be exploited by hackers, which could threaten the financial system's security. No actual harm or incident has occurred yet, but the credible risk of cybersecurity threats to critical infrastructure is recognized by top financial and government leaders. This fits the definition of an AI Hazard, as the AI system's use or misuse could plausibly lead to harm, but no direct or indirect harm has materialized so far. The meeting and discussions are preventive and risk-focused, not reporting an incident or realized harm.

The event involves an AI system (Claude Code) and its development process (source code management). The leak was accidental but exposes critical internal details that could be exploited or misused, posing plausible future risks such as intellectual property violations and enabling malicious actors to bypass protections or replicate the system. No direct harm (such as injury, rights violations, or operational disruption) has been reported yet, so it does not qualify as an AI Incident. It is not merely complementary information because the leak itself is a significant event with potential for harm. Hence, it fits the definition of an AI Hazard.

The event clearly involves an AI system, Anthropic's Claude Code, which is an AI programming collaboration tool. The leak was caused by a development and deployment error (packaging mistake) leading to the exposure of proprietary internal source code. While no direct harm (such as injury or rights violations) has been reported yet, the leaked code contains security mechanisms and operational logic that, if exploited, could lead to significant harms including security breaches, misuse of the AI system, and erosion of user trust. The widespread dissemination and analysis of the code by competitors and potentially malicious actors increase the plausibility of future harm. Since the harm is not yet realized but plausibly could occur, this event fits the definition of an AI Hazard rather than an AI Incident or Complementary Information.

The event involves an AI system (Claude Code) and its source code being accidentally leaked due to internal operational mistakes. The leak exposes proprietary AI system details, which is related to the AI system's development and use. Although no direct harm such as data breaches involving customer information or operational failures causing injury or rights violations is reported, the exposure of internal source code creates a plausible risk of intellectual property theft or misuse that could lead to future harms. Since no actual harm has been reported, but plausible future harm exists, this fits the definition of an AI Hazard rather than an AI Incident. It is not Complementary Information because it is not an update or response to a prior incident, nor is it unrelated as it clearly involves an AI system and potential risks.

An AI system (Claude Code, an AI programming application) is explicitly involved. The event stems from the development and deployment process (a packaging error leading to source code leakage). Although no direct harm has been reported, the leakage of source code poses a credible risk of future harm, such as intellectual property violations or malicious exploitation. Therefore, this event qualifies as an AI Hazard rather than an AI Incident, as the harm is plausible but not yet realized.

The event clearly involves an AI system, specifically the Claude AI system and its harness software. The leak was caused by a development error (packaging mistake) and led to unauthorized access and distribution of proprietary AI-related code. This constitutes a violation of intellectual property rights, a recognized form of harm under the AI Incident definition. The incident also caused reputational harm and operational disruption through widespread DMCA takedown actions affecting many developers, which further supports classification as an AI Incident. The involvement of AI is explicit, and the harm is realized, not merely potential, thus it is not a hazard or complementary information. The event is not unrelated as it centers on AI system code and its consequences.

An AI system (Claude Code) is explicitly involved, and its source code has been leaked publicly due to a development and operational security failure. Although no immediate harm has been reported, the leak exposes sensitive AI system details that could be exploited maliciously, posing a credible risk of future harm. The event does not describe realized harm but a plausible future risk, fitting the definition of an AI Hazard rather than an AI Incident or Complementary Information. It is not unrelated because the AI system and its security breach are central to the event.

The event involves an AI system (Claude Code) whose source code was accidentally leaked, revealing unreleased AI features. The leak stems from a development error. Although the exposure could plausibly lead to misuse or harm in the future (e.g., exploitation of unreleased AI capabilities), the article does not report any actual harm occurring yet. Hence, it does not meet the criteria for an AI Incident but fits the definition of an AI Hazard, as the development and use of the AI system could plausibly lead to harm due to the leak. It is not Complementary Information because it is not an update or response to a prior incident but a new event. It is not Unrelated because it clearly involves an AI system and potential risks.

The event involves an AI system (Claude Code) source code leak, which is a direct result of the AI system's development and deployment process. Although no direct harm to users or data breach occurred, the leak of internal code and architecture details could plausibly lead to intellectual property violations or other harms in the future. Since no realized harm is reported, it does not qualify as an AI Incident. It is not merely complementary information because the leak itself is a significant event with potential for harm. Hence, it fits the definition of an AI Hazard.

The event involves an AI system (Claude Code) whose source code was accidentally leaked, exposing internal AI system details and unreleased AI features. The leak was caused by human error in the development and deployment process. The leak has already led to widespread unauthorized access and replication attempts, which constitute a violation of intellectual property rights and trade secrets, a recognized form of harm under the AI Incident definition (c). Although no direct physical harm or personal data breach occurred, the leak's impact on rights and potential legal consequences for developers using the code commercially is significant. This meets the criteria for an AI Incident because the AI system's development and deployment directly led to a breach of intellectual property rights and potential legal harms. The event is not merely a potential risk (hazard) or a complementary update; it is a realized incident involving AI system misuse and harm.

The event involves an AI system (Claude Code) whose source code was leaked and is being widely distributed without authorization. Anthropic's legal actions to remove these copies indicate a breach of intellectual property rights. The unauthorized dissemination and use of the AI source code directly violate legal protections intended to safeguard intellectual property, fitting the definition of an AI Incident under category (c) violations of intellectual property rights. Therefore, this event is classified as an AI Incident.

The article explicitly discusses AI systems (Claude Code with Computer use and Channels) and their advanced autonomous capabilities, which clearly involve AI. However, there is no mention or implication of any injury, rights violation, disruption, or other harm caused by these systems. The content focuses on the technical features, interoperability, and strategic positioning of these AI tools, which enriches understanding of the AI ecosystem. Since no harm has occurred or is directly implied as plausible in the near term, and the main narrative is about development and ecosystem context, the classification as Complementary Information is appropriate.

The event explicitly involves an AI system (Claude Code) and its accidental source code leak due to a human error in deployment. The leak exposes core AI agent engineering and security mechanisms, which can be exploited maliciously, posing direct risks to cybersecurity and safety. The article describes realized harm in terms of intellectual property loss, security vulnerabilities, and the potential for malicious actors to misuse the leaked code, which constitutes harm to property, communities, and possibly human rights (security and safety). The event is not merely a potential risk but an actual incident with ongoing consequences, thus classifying it as an AI Incident rather than a hazard or complementary information.

The event involves an AI system (Claude Code) whose core source code was accidentally leaked publicly due to a packaging misconfiguration during software release. This leak directly led to the exposure of proprietary engineering details and internal AI system mechanisms, constituting a violation of intellectual property rights, which is a recognized harm under the AI Incident definition (c). Although no physical harm or user data breach occurred, the economic and competitive harm to Anthropic and the AI industry is significant and realized. The AI system's development and release process failure is the direct cause of this harm. Hence, this is an AI Incident rather than a hazard or complementary information.

The event involves an AI system (Claude Code) whose source code was accidentally leaked due to human error during development. This leak was exploited by hackers to spread malware that steals sensitive information, causing harm to users' property and privacy. The AI system's development and the leak directly contributed to the incident. The malware distribution and resulting data theft constitute realized harm. Hence, this is an AI Incident rather than a hazard or complementary information.

The event involves an AI system (Claude Code) whose source code was unintentionally exposed due to a packaging misconfiguration during deployment, which is part of the AI system's development and use lifecycle. The exposure of proprietary source code constitutes a violation of intellectual property rights and presents potential security risks, fulfilling the criteria for harm under (c) violations of intellectual property rights and (e) other significant harms where the AI system's role is pivotal. Although no direct user data breach or physical harm occurred, the incident's impact on competitive advantage, security posture, and public trust is significant and directly linked to the AI system's development and deployment processes. Hence, it meets the definition of an AI Incident rather than a hazard or complementary information.

The event involves an AI system (Anthropic's Claude Code) whose source code was leaked due to a packaging mistake. The leak is related to the AI system's development and deployment processes. Although the company states no sensitive customer data was leaked, the exposure of the AI system's proprietary code and unreleased features can plausibly lead to intellectual property rights violations and potential misuse, which are harms under the AI harms framework. Since no actual harm has been reported yet, but the risk is credible and plausible, the event is best classified as an AI Hazard rather than an AI Incident. It is not Complementary Information because the main focus is the leak event itself, not a response or governance action. It is not Unrelated because the event directly involves an AI system and its potential harms.

The event involves an AI system (Claude Code) whose source code and unreleased features were accidentally leaked, which is a direct consequence of the AI system's development and deployment process. The leak has already led to external parties reverse engineering the system and raising security concerns, indicating realized harm related to security and intellectual property. The exposure of internal model data and unreleased features also constitutes a breach of obligations related to intellectual property rights. Given these factors, the event meets the criteria for an AI Incident due to direct harm caused by the AI system's development and use.

The event involves an AI system (Anthropic's Claude Code) whose source code was accidentally leaked, exposing internal AI system details and unreleased features. This leak is due to a human error in the development and deployment process. The widespread availability of the source code enables others to replicate or modify the AI system, which constitutes a violation of intellectual property rights and commercial secrets, a recognized form of harm under the AI Incident definition (c). Although no direct customer data breach occurred, the leak's role in enabling unauthorized use and potential commercial exploitation of proprietary AI technology is a direct harm linked to the AI system's development and use. Hence, it meets the criteria for an AI Incident rather than a hazard or complementary information.

The event involves an AI system (Claude Code) whose complete source code was accidentally leaked, exposing internal architecture and core algorithms. While no direct harm has yet occurred, the leak could plausibly lead to AI incidents such as intellectual property violations, security breaches, or malicious misuse. The incident stems from a development and release process error, not a malicious attack, but the exposure of sensitive AI system details creates a credible risk of future harm. Since no actual harm has been reported yet, this fits the definition of an AI Hazard rather than an AI Incident.

The event involves an AI system (Claude) and a leak of its source code, which is a development-related issue. However, there is no indication that this leak has directly or indirectly caused harm as defined by the framework (e.g., injury, rights violations, or operational disruption). The company's response and reflections on process improvements constitute complementary information about managing AI system risks. Therefore, this event is best classified as Complementary Information rather than an AI Incident or Hazard.

Claude Code is an AI programming tool, thus an AI system. The bug in cache handling caused users to be overcharged by up to 10 times, which is a direct financial harm to users. The source code leak revealed the bug, prompting a fix. The event involves the AI system's malfunction leading to realized harm (financial loss) to users. Hence, it meets the criteria for an AI Incident rather than a hazard or complementary information.

The event involves an AI system (Claude) and its source code leak, which is a significant development. The creation of a tool to evade telemetry and account bans relates to the use and potential misuse of the AI system. However, the article does not report any direct or indirect harm such as injury, rights violations, or disruption caused by the AI system's malfunction or use. The focus is on the leak and the community's technical response, which fits the definition of Complementary Information. There is no clear indication that the event has led to an AI Incident or that it plausibly leads to one (AI Hazard).

The event involves an AI system (Anthropic's Claude) and a malfunction in the development process (failure to remove a debugging source map file) that led to the exposure of extensive source code. Although no direct harm has yet occurred (no user data or model weights leaked), the leak creates a credible risk of future harm through exploitation of the exposed code and security details. This fits the definition of an AI Hazard, as the event plausibly could lead to an AI Incident. It is not an AI Incident because no actual harm has been reported yet. It is not Complementary Information because the main focus is the leak event itself, not a response or governance action. It is not Unrelated because it clearly involves an AI system and its development.

The event involves an AI system (Claude Code) whose source code was accidentally leaked due to a deployment mistake, which is a malfunction in the development/use of the AI system. The leak has directly led to harm in the form of intellectual property rights violations and harm to the company's property and competitive position. The widespread unauthorized copying and redistribution of the code, including on decentralized platforms, confirms realized harm. Although no physical harm or direct human rights violations are described, the breach of intellectual property rights and harm to property clearly meet the criteria for an AI Incident under category (c) and (d).

The event involves an AI system (ClaudeCode) and its source code leak, which is a development-related issue. While the leak is significant and exposes internal details and future plans, there is no indication that this has directly or indirectly caused harm to people, infrastructure, rights, property, or communities. Nor does it describe a plausible future harm scenario stemming from this leak. The main focus is on the leak as a noteworthy development and the community's response, which fits the definition of Complementary Information rather than an Incident or Hazard.

The event involves an AI system (Claude Code) with advanced autonomous and multi-agent features revealed through a source code leak. The leak exposes capabilities that could plausibly lead to harms such as privacy violations, unauthorized autonomous actions, or security risks if activated or misused. However, the article does not report any actual harm or incident resulting from these features being used or malfunctioning. The presence of completed but locked features indicates a credible risk of future incidents once enabled or exploited. Thus, the event fits the definition of an AI Hazard rather than an AI Incident or Complementary Information. It is not unrelated because it clearly concerns an AI system and its potential risks.

Anthropic's Claude Code is an AI system (a large language model tool). The accidental public release of its source code is a development-related event involving the AI system. The leak led to unauthorized dissemination of proprietary AI code, which is a violation of intellectual property rights (harm category c). The subsequent takedown requests mistakenly affected thousands of repositories, causing harm to property and communities (harm categories d and c). These harms have materialized, not just potential. Hence, the event meets the criteria for an AI Incident rather than a hazard or complementary information.

The event involves an AI system (Claude Code) whose source code was accidentally leaked, leading to widespread unauthorized dissemination. The use of DMCA takedown requests caused collateral damage by removing thousands of repositories, disrupting developer activities and potentially violating intellectual property rights. The harm is realized and directly linked to the AI system's development and release process. The incident also includes responses and remediation efforts by Anthropic. Given the direct harm caused by the AI system's mishandling and the resulting disruption and rights violations, this event fits the definition of an AI Incident rather than a hazard or complementary information.

The article clearly involves AI systems, specifically Anthropic's Claude Code with Computer use and Channels features, which are AI-driven tools for autonomous computer interaction and message handling. However, there is no mention or implication of any realized harm, injury, rights violations, or disruptions caused by these AI systems. The content focuses on the capabilities, design, and ecosystem implications, without describing any incident or plausible immediate harm. Therefore, the event is best classified as Complementary Information, providing context and updates on AI system development and ecosystem dynamics rather than reporting an AI Incident or AI Hazard.

The event explicitly involves an AI system (Claude Code) and its source code leak due to a development/release process error. The leak does not report direct harm such as injury, rights violations, or operational disruption, but it plausibly threatens Anthropic's intellectual property rights, competitive position, and organizational trust, which are significant harms under the framework. Since the harm is potential and not yet realized, this fits the definition of an AI Hazard rather than an AI Incident. The event is not merely complementary information because it reports a concrete event with plausible future harm, nor is it unrelated as it directly concerns an AI system and its development. Thus, the classification is AI Hazard.

An AI system (Claude Code) is explicitly involved, as the leaked source code belongs to a sophisticated AI system. The event stems from the development and deployment phase, specifically a security/configuration error leading to unintended public exposure. No direct or indirect harm to persons, infrastructure, rights, or communities is reported as having occurred yet. However, the leak plausibly could lead to harms such as intellectual property violations, unauthorized use, or malicious exploitation of the AI system's capabilities. Hence, it fits the definition of an AI Hazard, as it plausibly could lead to an AI Incident in the future. It is not Complementary Information because the main focus is the leak event itself, not a response or update to a prior incident. It is not Unrelated because the event is clearly AI-related and involves an AI system.

The event involves an AI system (Claude Code client tool) and its development, specifically the accidental leak of source code. While this leak exposes proprietary code and raises copyright concerns, there is no indication that this has directly or indirectly caused harm to health, infrastructure, rights, property, communities, or the environment. The leak itself is a security and intellectual property issue, not an AI Incident causing harm or an AI Hazard posing plausible future harm. The article also discusses the legal and community responses, making it primarily an update and contextual information about the AI ecosystem. Hence, it fits the definition of Complementary Information rather than an Incident or Hazard.

The event involves an AI system (Claude Code) whose source code was leaked, revealing unreleased AI features and internal mechanisms. Although no direct harm (such as injury, rights violations, or operational disruption) has occurred, the leak plausibly could lead to AI incidents if malicious actors exploit the exposed code to bypass protections or misuse the AI system. The leak itself is a development-related event involving the AI system's code and instructions. Since harm is potential and not realized, and the event centers on the risk posed by the leak, it fits the definition of an AI Hazard rather than an Incident or Complementary Information. The event is not unrelated because it clearly involves an AI system and plausible future harm.

The event explicitly involves an AI system (Anthropic's Claude Code client) whose source code was leaked and spread without authorization, constituting a violation of intellectual property rights. The use of AI tools to create derivative versions further complicates the issue but does not negate the realized harm. The overbroad DMCA takedown caused additional harm by removing legitimate code branches, disrupting normal operations. These harms are directly linked to the AI system's development and use, fulfilling the criteria for an AI Incident. The event is not merely a potential risk or a complementary update but a concrete incident involving harm caused by AI system misuse and legal enforcement actions.

The event involves an AI system (Claude Code) and its development process (source code release). The leak is accidental and exposes internal code, which could indirectly harm the company competitively but does not directly or indirectly cause harm to people, infrastructure, rights, property, or communities as defined. There is no indication of realized harm or plausible imminent harm to others from this leak. Therefore, it does not meet the criteria for an AI Incident or AI Hazard. Instead, it provides contextual information about the AI system's development and company response, fitting the definition of Complementary Information.

The event involves AI systems explicitly, specifically Anthropic's AI product Claude Code and its software architecture. The leaks were due to human error in the development and release process, which is part of AI system development and use. Although no direct harm such as injury or rights violations is reported, the exposure of sensitive internal AI system details poses a plausible risk of future harm, including intellectual property violations and potential misuse. Since no actual harm has occurred yet but the risk is credible and material, this event fits the definition of an AI Hazard rather than an AI Incident or Complementary Information.

The event explicitly involves an AI system (Claude Code) and its source code leak due to a packaging error. Although no direct harm to users or others has been reported, the exposure of core AI system components and architecture creates a credible risk of intellectual property violations and targeted attacks, which could lead to significant harm in the future. Since the harm is not realized but plausibly could occur, this qualifies as an AI Hazard rather than an AI Incident. The event is not merely complementary information because it reports a concrete accidental leak with potential consequences, nor is it unrelated as it directly concerns an AI system's sensitive code.

The event involves an AI system (Claude Code) whose malfunction (token consumption bug) and usage limits have directly caused harm to users by limiting their ability to work effectively. The harm is realized and ongoing, as users report frequent quota exhaustion and disrupted workflows. The AI system's development and use are central to the issue, and the company acknowledges the problem and is investigating. This fits the definition of an AI Incident because the AI system's malfunction and use have directly led to harm to groups of people (developers) relying on it for their work.

The article explicitly involves an AI system (Anthropic's Claude) and its development, revealing hidden AI features and capabilities. However, there is no indication that any harm has yet occurred due to this leak or the disclosed features. The controversial 'undercover mode' raises concerns about potential misuse and ethical issues, suggesting plausible future risks. Therefore, this event fits the definition of an AI Hazard, as it plausibly could lead to incidents involving violations of transparency, trust, or intellectual property rights if these features are exploited or misused. It is not an AI Incident because no direct or indirect harm has materialized yet. It is not Complementary Information because it is not an update or response to a prior incident but a new disclosure. It is not Unrelated because it clearly involves AI systems and their potential impacts.

The event involves an AI system (Claude Code) whose internal source code was leaked due to a packaging error during software update deployment. The leak is directly linked to the AI system's development and use. The exposure of proprietary AI system code constitutes a breach of intellectual property rights and commercial confidentiality, which falls under harm category (c) violations of intellectual property rights and potentially harm to the AI ecosystem. The leak has already occurred and caused significant reputational and competitive harm, which is a clear and articulated harm where the AI system's role is pivotal. Although no physical harm or direct violation of personal data rights occurred, the incident still meets the criteria for an AI Incident because the AI system's development and use led to a significant harm event. It is not merely a potential risk or a complementary update but a realized incident involving AI system security failure and data leakage.

The event involves an AI system (Claude Code) and its complete source code being accidentally leaked due to a packaging error, which is a direct result of the AI system's development process. The leak constitutes a violation of intellectual property rights, which falls under harm category (c) in the AI Incident definition. Although no personal data or customer credentials were exposed, the unauthorized public dissemination of proprietary AI source code is a significant harm. Therefore, this qualifies as an AI Incident rather than a hazard or complementary information, as the harm has already occurred and is directly linked to the AI system's development and deployment.

The event explicitly involves an AI system (Claude Code) and details a security flaw in its use that allows attackers to bypass safety restrictions, leading to prompt injection attacks. These attacks can cause the AI to execute dangerous commands like unauthorized network requests (curl), which can harm system security and user data. The vulnerability is a malfunction in the AI system's enforcement of safety rules, directly linked to potential harm. The presence of an internal fix but ongoing exposure in public versions indicates the harm is current and plausible. Therefore, this is an AI Incident due to the realized security risks and direct link to the AI system's malfunction.

The event directly involves an AI system (Claude Code, a large language model) whose source code leak triggered a chain of events leading to the misuse of copyright takedown requests. The takedown caused actual harm by removing access to thousands of repositories, disrupting developers and communities, which fits harm to property and communities. The incident is linked to the AI system's development and use, and the company's response to its source code leak. Hence, it meets the criteria for an AI Incident rather than a hazard or complementary information.

The event involves an AI system (Claude Code) and its source code leak due to a deployment error, which is a development-related issue. However, there is no indication that this leak has directly or indirectly caused harm as defined by the framework (injury, rights violations, disruption, or other significant harms). The leak is described as an opportunity for learning and analysis by the community, and the company is taking steps to improve processes. Since no harm or plausible future harm is reported, and the main focus is on the leak event and its implications for AI development and research, the classification as Complementary Information is appropriate.

The event involves the accidental public exposure of a large amount of proprietary AI source code from Anthropic's Claude Code system, which is an AI system by definition. The leak is due to a packaging error during deployment, thus linked to the AI system's development and use. The harm includes violation of intellectual property rights and damage to the company's competitive advantage and brand trust, which are recognized harms under the framework. Although no direct physical harm or customer data breach occurred, the significant exposure of core AI code and the resulting reputational and economic damage meet the criteria for an AI Incident. The event is not merely a potential risk but a realized harm, so it is not an AI Hazard or Complementary Information.

The event involves an AI system (Claude Code) whose source code was accidentally leaked, directly causing harm to Anthropic's intellectual property rights and potentially impacting the AI industry competition. The leak is a result of a development and deployment error (packaging misconfiguration). The harm is realized (not just potential), as the proprietary code is now publicly accessible and being widely copied, which constitutes a violation of intellectual property rights under the framework. Hence, this is an AI Incident rather than a hazard or complementary information.

The event involves an AI system (Claude Code) and its development process (source code). The accidental exposure of the source code is a malfunction in the development or deployment process. Although no direct harm or violation has been reported, the exposure plausibly increases risks such as intellectual property theft, security vulnerabilities, or misuse of the AI system in the future. The article emphasizes the systemic engineering and security challenges revealed by this event, indicating a credible potential for future harm. Since no actual harm has occurred yet, it does not qualify as an AI Incident. It is not merely complementary information because the exposure itself is a significant event with potential risk. Hence, the classification as an AI Hazard is appropriate.

The event involves an AI system (Claude) with new autonomous control capabilities over computer applications, which is clearly AI-related. However, there is no indication that this has led to any realized harm or incident. The article emphasizes safety features and user control to prevent misuse or harm. Since no harm has occurred and the article does not highlight any credible risk of imminent harm, it does not meet the criteria for an AI Incident or AI Hazard. It is not merely general product news because it discusses safety and governance aspects, but these are presented as part of the feature launch and research preview. Therefore, the article is best classified as Complementary Information, providing context on AI system development and governance measures without reporting an incident or hazard.

The event involves an AI system (Claude Code) and its proprietary source code leak, which is a direct result of the AI system's development and deployment process. Although the leak exposes sensitive internal instructions and tools that enable the AI's operation, no personal data breach or direct harm to people, infrastructure, or rights is reported. The leak could plausibly lead to competitive harm and intellectual property violations, which are significant but potential harms. Since no actual harm has occurred yet, and the company is actively responding to control the situation, the event fits the definition of an AI Hazard rather than an AI Incident. It is not Complementary Information because the main focus is the leak event itself, not a response or broader ecosystem update. It is not Unrelated because it clearly involves an AI system and its development.

The event involves an AI system (Claude Code) and a malfunction (packaging error) that led to the source code leak. While this leak has significant consequences for trust, market dynamics, and technical democratization, it does not describe direct or indirect harm to persons, infrastructure, rights, property, or communities as defined for AI Incidents. Nor does it describe a plausible future harm scenario that would qualify as an AI Hazard. Instead, it details the unfolding consequences, industry reactions, and strategic implications of the leak, fitting the definition of Complementary Information that enhances understanding of AI ecosystem developments and responses.

The event involves the accidental exposure of an AI system's source code, which is a direct product of AI development. The leak has already led to widespread dissemination and potential unauthorized use, which constitutes a violation of intellectual property rights, a recognized harm under the AI Incident definition. The involvement of the AI system is explicit, and the harm is realized through the breach of proprietary code and the ensuing legal risks. Although no physical injury or direct user harm is reported, the violation of intellectual property rights and the potential for commercial misuse meet the criteria for an AI Incident. The event is not merely a potential risk (hazard) or a complementary update but a concrete incident with direct consequences.

The event involves an AI system (Claude Code) whose source code was unintentionally exposed due to a packaging mistake. While the leak reveals sensitive engineering details, it does not include model weights or user data, and no direct harm such as injury, rights violations, or operational disruption is described. The exposure could enable competitors to replicate or misuse the technology, potentially leading to intellectual property violations or other harms in the future. Since no actual harm has yet materialized but plausible future harm exists, this fits the definition of an AI Hazard rather than an AI Incident. It is not Complementary Information because the main focus is the leak event itself, not a response or update to a prior incident. It is not Unrelated because the event directly involves an AI system and its development/use.

The event involves an AI system (Claude AI programming tool) and its source code leak, which is a development-related event. However, there is no indication that this leak has directly or indirectly caused any harm as defined by the framework (injury, rights violations, infrastructure disruption, or harm to communities). The leak could plausibly lead to competitive or intellectual property issues, but these are not explicitly stated as harms under the framework. Therefore, this event does not qualify as an AI Incident or AI Hazard. It is best classified as Complementary Information because it provides important context about AI ecosystem developments and responses (reverse engineering, open-source projects) without describing a new harm or credible future harm.

The event involves the accidental public release of a sophisticated AI system's full source code, which is a direct consequence of the AI system's development and operational management. The leak exposes internal security mechanisms and attack vectors, enabling malicious actors to exploit the system or create harmful derivatives. This creates direct and indirect risks of harm to property, communities, and potentially human safety through cyberattacks or misuse. The article describes realized dissemination and ongoing risks, not just potential future harm. Therefore, it meets the criteria for an AI Incident rather than a hazard or complementary information.

The event involves an AI system (Claude Code) and its development and deployment process. The leak of the source code is a direct consequence of Anthropic's error in packaging and publishing the npm package with source maps included. This leak exposes proprietary AI system details, which constitutes a violation of intellectual property rights, a form of harm under the AI Incident definition (c). The leak has already occurred and the code is widely available, indicating realized harm rather than just potential harm. Therefore, this qualifies as an AI Incident due to the breach of intellectual property rights caused by the AI system's development and deployment mishandling.

The event clearly involves an AI system component (the Claude Code harness) whose accidental exposure led to unauthorized possession and redistribution of proprietary software, constituting a breach of intellectual property rights. The harm is realized, as Anthropic's competitive advantage and reputation have been damaged, and legal actions (DMCA takedowns) were initiated. The use of AI (OpenAI Codex) to rewrite the code rapidly also relates to the AI system's ecosystem and complicates enforcement. Thus, the event meets the criteria for an AI Incident involving violation of intellectual property rights (harm category c).

The leaked source code is directly related to an AI system (Claude Code) developed by Anthropic, which supports large model API engines and multi-agent collaboration. The exposure of this proprietary code constitutes a violation of intellectual property rights, a recognized harm under the AI Incident definition. The event involves the development and distribution phase of the AI system and has already resulted in harm through unauthorized disclosure of proprietary and sensitive information. Therefore, this qualifies as an AI Incident rather than a hazard or complementary information.

The event explicitly involves an AI system (Claude Code) and its development, with a large-scale accidental leak of source code. The leak itself is a circumstance that could plausibly lead to AI incidents, such as intellectual property violations, unauthorized use, or security vulnerabilities. However, the article does not report any actual harm or incident resulting from this leak. Hence, it does not meet the criteria for an AI Incident. It is not merely complementary information because the main focus is the leak event itself, not a response or update to a prior incident. It is not unrelated because it clearly involves an AI system and potential risks. Therefore, the correct classification is AI Hazard.

The event involves AI systems (Claude and AI-assisted code rewriting) and legal actions (DMCA takedown) related to leaked AI source code. However, no harm as defined by the framework (injury, rights violations, infrastructure disruption, property/community/environmental harm, or other significant harms) is reported or implied. The main focus is on the legal and community dynamics around AI source code leaks and reimplementation, which is a governance and ecosystem context issue. Thus, it fits the definition of Complementary Information, as it updates on responses and challenges in AI system development and control, without describing a new AI Incident or AI Hazard.

The event explicitly involves an AI system (Claude Code) whose source code was accidentally leaked, exposing sensitive internal details and user data collection mechanisms. The leak has already resulted in widespread unauthorized access and distribution of proprietary code, constituting a violation of intellectual property rights. Additionally, the exposed code reveals capabilities that could harm user privacy and security, such as remote control and data exfiltration features. These harms have materialized or are ongoing, meeting the criteria for an AI Incident. The event is not merely a potential risk or a complementary update but a realized incident with direct harm linked to the AI system's development and use.

The event involves an AI system (Claude Code) and its development lifecycle (code release). The leak of the source code is a direct breach of intellectual property rights, which is a form of harm under the AI Incident definition (c). Although no physical harm or operational disruption is reported, the unauthorized public exposure of proprietary AI system code is a clear violation of legal protections and company obligations. The article does not describe potential future harm only, but an actual realized breach. Hence, it qualifies as an AI Incident rather than a hazard or complementary information. It is not unrelated because the event centers on an AI system and its source code leak.

The event involves an AI system (Claude Code) and its development, specifically the accidental exposure of its full source code. This exposure is a breach of intellectual property rights and a security lapse. However, the article does not describe any realized harm such as injury, operational disruption, or direct violation of rights caused by the leak. The potential for future harm exists, including misuse of the leaked code or exploitation of vulnerabilities, which fits the definition of an AI Hazard. The detailed technical analysis and reflections on the AI system's design do not constitute Complementary Information because the main focus is the leak event itself and its implications. Hence, the classification as AI Hazard is appropriate.

The event involves an AI system (Claude Code) and its development process, specifically a source code leak due to a packaging error. The leak constitutes a breach of intellectual property rights, which is a form of harm under the AI Incident definition. However, the article does not mention any direct or indirect harm resulting from this leak, such as misuse of the code causing injury, rights violations, or other harms. The leak is a significant security and proprietary risk but does not itself constitute an AI Incident or AI Hazard as no harm or plausible future harm is described. The event mainly provides contextual information about AI development risks and past similar incidents, fitting the definition of Complementary Information.

The event involves an AI system (Claude Code) whose source code was leaked and distributed without authorization, constituting a violation of intellectual property rights, which is a breach of obligations under applicable law protecting intellectual property rights. The leak and subsequent widespread distribution of the source code have directly led to harm in the form of intellectual property infringement. The company's DMCA takedown notices and GitHub's removal of repositories are responses to this harm. Therefore, this event qualifies as an AI Incident because the development and use of the AI system have directly led to a breach of intellectual property rights.

The event involves an AI system (Anthropic's Claude) and its telemetry and anti-abuse mechanisms, which are part of the AI system's use and control. The leak of source code and the creation of a tool to evade telemetry detection could plausibly lead to misuse or abuse of the AI system, potentially causing violations of user rights or other harms. However, the article does not describe any actual harm or incident occurring yet, only the potential for such harm. Thus, it fits the definition of an AI Hazard rather than an AI Incident or Complementary Information. It is not unrelated because it clearly involves AI systems and their use.

The event involves an AI system (Claude Code) and an AI-generated companion feature (Buddy), but there is no indication of any harm, malfunction, or risk caused or potentially caused by this system. The article does not describe any injury, rights violation, disruption, or other harm. Instead, it provides insight into the internal design and philosophy behind the AI tool, which enhances understanding of the AI ecosystem. Therefore, this is Complementary Information rather than an Incident or Hazard.

The event involves an AI system (Claude Code) whose source code was accidentally leaked, revealing confidential engineering details. Although this leak does not directly cause harm such as injury, rights violations, or property damage, it plausibly could lead to future harms by enabling unauthorized replication, circumvention of security measures, or misuse of the AI tool. The article does not report any realized harm but highlights the potential for a significant upgrade in AI tool capabilities globally due to this leak. Hence, it fits the definition of an AI Hazard, as it plausibly could lead to AI Incidents in the future but has not yet done so.

The event explicitly involves an AI system (Claude Code) and its source code leak, which is a direct result of a development mishap (human error leading to accidental public exposure). The unauthorized use and cloning of the AI system's code constitute a violation of intellectual property rights, a recognized harm under the AI Incident definition. The legal actions taken by Anthropic and the widespread replication of the code confirm that harm has materialized. Therefore, this qualifies as an AI Incident due to the direct link between the AI system's development/use and the violation of intellectual property rights and operational disruption.

Although the source code leak involves an AI system's internal code, the event does not report any realized harm such as injury, rights violations, or community harm caused by the AI system's outputs or behavior. The leak is a security incident related to intellectual property but does not constitute an AI Incident because the AI system itself did not cause harm through its operation or malfunction. The event focuses on the human error causing the leak and subsequent copyright enforcement and remediation efforts, which fits the definition of Complementary Information rather than an Incident or Hazard.

The event involves an AI system (Claude) whose source code was accidentally leaked due to a manual deployment error, a malfunction in the AI system's development and deployment process. This leak has directly led to violations of intellectual property rights as unauthorized copies appeared on GitHub, causing harm to the company and potentially the AI ecosystem. The company's response and mitigation efforts do not negate the fact that harm has occurred. Hence, this is an AI Incident as per the definitions, since the AI system's malfunction led to a breach of intellectual property rights, a recognized harm category.

The event involves an AI system (Claude Code) whose source code was accidentally leaked due to a developer mistake during packaging. The leak led to widespread unauthorized access and redistribution of the code, which is a violation of intellectual property rights, a recognized category of AI harm. Although no direct physical harm or data breach occurred, the unauthorized exposure of proprietary AI system code constitutes a breach of obligations under applicable law protecting intellectual property rights. The incident is directly linked to the AI system's development and deployment processes and has resulted in realized harm (loss of control over proprietary code and potential competitive disadvantage). Hence, it meets the criteria for an AI Incident rather than a hazard or complementary information.

The event involves an AI system (Anthropic's Claude Code) whose core source code was accidentally leaked publicly due to a packaging error. This leak directly results from the development and deployment process of the AI system. The leak exposes proprietary intellectual property, which constitutes a violation of intellectual property rights, a recognized form of AI harm under the framework. Although no physical harm or data breach occurred, the direct exposure of the AI system's core code and internal security mechanisms is a significant harm. Therefore, this event meets the criteria for an AI Incident rather than a hazard or complementary information.

The event involves an AI system (Claude Code) whose source code was accidentally leaked due to a team error in deployment. This leak led to widespread unauthorized distribution and replication of the AI system's code, violating Anthropic's intellectual property rights. The harm is realized and significant, including loss of proprietary technology and competitive advantage. The AI system's development and deployment process directly caused this harm. Thus, it meets the criteria for an AI Incident involving violation of intellectual property rights. The event is not merely a potential hazard or complementary information, but a concrete incident with direct harm.