Author: Liu Honglin

1. April Fool's Day Gift

On the morning of April Fool's Day, the global AI community joyfully welcomed Claude Code "open source".

On March 31, security researchers discovered that Anthropic had inadvertently included source map files in the Claude Code package released to npm, exposing a large amount of raw TypeScript source code. Public reports generally mentioned that this leak involved nearly 1,900 files and over 510,000 lines of code, which were quickly mirrored on platforms like GitHub. Anthropic publicly acknowledged that this was not a hacker intrusion, but rather a packaging error, and that no customer data or credentials were leaked, although the code itself had already been downloaded and studied by numerous developers.

Once this news broke, netizens joked: did all the teams around the world working on large models, agents, and coding tools stay up late last night dissecting code and conducting research?

It sounds like a joke, but it's highly likely that global AI peers were indeed observing and studying closely.

Because the most valuable aspect of this leak has never been just a few fun features, but rather it laid bare the entire engineering blueprint of an AI programming product that was already in production and had formed an influence within the developer community. Public reports also noted that this leaked code not only contained Claude Code itself, but also revealed many unreleased features, such as BUDDY with a cyber-pet color scheme, and KAIROS, which is closer to a "persistent memory assistant". For the first time, the outside world saw so closely how a leading AI coding agent was built.

The first impact this event had on the AI industry is very direct: it will significantly accelerate the understanding of agent product forms across the entire industry.

Over the past year, the AI industry has seemingly been focused on competing with models, but is actually increasingly racing towards product-level engineering: how to tune tools, control permissions, break down long-chain tasks, coordinate multiple agents, manage state, and connect with IDEs, terminals, and cloud environments. Papers will tell you the direction, benchmarks will tell you the scores, but often the only way to figure out how to make a truly usable product is for teams to navigate it themselves.

Previously, many teams remained at the conceptual, demo, or even PPT levels regarding "how agents should be done"; now they suddenly have a "physical disassembly diagram" from a leading vendor.

Anthropic, in a rather awkward manner, made part of its "problem-solving process" public. For many peers, this value is not just "copying a piece of code", but rather seeing for the first time the structural template of a mature product.

This shock could be greater than a model parameter leak.

So when netizens mockingly said, "Last night, global large model teams were working overtime to study," it is not an exaggeration.

The truly subtle aspect of this event is that it was not a formal release, yet it created a stronger industry demonstration effect than a formal release. A press conference can give you direction, source code can provide you solutions; papers can convey concepts, engineering structure can show you how products actually run. In the coming months, the AI industry, particularly in the areas of coding agents, terminal agents, and multi-agent collaboration, is likely to be indirectly propelled by this incident.

2. Since it's here, can we use it freely?

However, this immediately raises a second question that many developers will be concerned about: since it has come, does it mean we can use it recklessly?

Answer: No.

Because this incident is strictly not a formal "open source", but a case of "passive leakage". Anthropic afterwards not only acknowledged it was a packaging mistake but is also pushing for removal and remedial measures. Their stance is very clear: it is not "welcome to fork and use", but rather "this should not have been public in the first place".

Real open source requires the original rights holder to explicitly grant permission, informing you that you can use, modify, distribute, and even commercialize; whereas the situation with Claude Code is closer to "copyrighted code that has leaked to the public due to a packaging error". Just because you can see it does not mean you have the right to use it freely; being backed up does not mean it automatically falls into the public domain.

This can actually be referenced in the Tesla case.

In 2014, Tesla announced that it would not actively initiate patent lawsuits against those who "good faith use" its electric vehicle-related patents. This incident is often cited as a classic case of "technology companies opening ecosystems", leading many to form the impression that Tesla is very open externally.

But the issue lies thereafter. Tesla later clearly outlined the boundaries in its official legal statement: this promise is more akin to an arrangement of "temporarily not asserting patent rights under certain conditions", not a formal licensing or waiver of rights. More importantly, this "non-sue" comes with preconditions, including the other party must belong to "good faith use", cannot claim against Tesla's intellectual property, cannot challenge Tesla's patents, and cannot create simple imitations or alternative competing products. In other words, Tesla indeed exhibited an open stance, but this openness has never been unconditional.

Subsequent disputes related to Xiaopeng further emphasized this issue. In 2019, Tesla sued former autonomous driving team member Cao Guangzhi, accusing him of uploading a large number of source codes and files related to autonomous driving to a personal cloud account before leaving, and then joining Xiaopeng Motors. Reports at the time indicated that Tesla accused him of uploading over 300,000 files and directories. Though this case later settled, it was sufficient to illustrate one thing: patent-level openness is possible, but when it comes to source code, engineering implementation, and business secrets that genuinely affect competitiveness, companies are usually not so generous.

This principle also applies to the Claude Code incident. The code has leaked, but that does not mean the authorization has also leaked. Just because you can see it does not mean you can commercially replicate, modify, and distribute it. Technical openness and relinquishing rights are not the same concept; public posture and specific authorization are also not the same concept. The Tesla case clearly illustrates this point.

Today, the most dangerous aspect of the AI industry is not that everyone wants to learn, but rather that many people, in a collective excitement, mistakenly understand "publicly visible" as "implicitly available". And such a misunderstanding, once it translates into real product development, usually does not end up easy.

3. What are the risks if we really use it to develop products?

If other vendors or startup teams indeed use the leaked Claude Code source code to develop products, what potential risks would there be?

I think there are roughly three aspects.

The first layer is the most direct copyright and licensing risk. If the original code lacks clear authorization, directly copying, modifying, using commercially, and distributing it could infringe intellectual property rights. Researching it for insights, looking at architecture, and understanding product forms is one thing; transferring specific codes, file structures, and implementation methods into your own commercial product on a large scale is another. Especially in the fast-paced AI industry, many entrepreneurs often make the mistake of "let's get it done first and figure it out later." However, once such items are integrated into a product and are later determined to have infringement or unauthorized use issues, the remedial costs can be very high.

The second layer involves trade secrets and unfair competition risks. Many teams may have a naive idea: since it has leaked, and since it is available online, using it should be fine. In reality, things are not so simple. If something is exposed due to the other party's mistake, if you knowingly take advantage of this code as a commercial product accelerator, the controversy can easily shift from "copyright" to more complex risks such as "knowingly utilizing defective material" or "free-riding on someone else's error". The disputes between Tesla and Xiaopeng have clearly demonstrated these boundaries. Others may speak of ecological openness, but that doesn't mean you can directly take things that truly affect competitiveness.

The third layer consists of safety and liability risks. What leaked are not just some fun small features, but also permission systems, toolchains, multi-agent coordination, and other elements closer to a "production-grade agent system framework." Moreover, around the time of the leak, Anthropic continued to emphasize the automated mode and safety usage boundaries of Claude Code, advising developers that even with new automatic capabilities, it is still recommended to use them in safe, isolated environments because risks cannot be completely eliminated. Even a mature company is still working on autonomous execution for agents and repeatedly reinforcing safety barriers. If you directly use a set of leaked code that hasn't been formally delivered, hasn't been completely authorized, and may even contain hidden issues for commercialization, and if a safety incident, permission failure, erroneous execution, or user loss occurs, the liability will not automatically lessen just because "this code leaked online".

Therefore, the true reminder for entrepreneurs from this incident is not "another opportunity to copy" but rather that "a technical shortcut may not equate to a commercial shortcut". You can research it; you can use it to understand direction; but if you take it as your own foundation for commercialization, the following issues of copyright, competition, and safety liability may come knocking on your door. Many times, the saved R&D time will eventually be paid back in another, more expensive way.

4. In the AI era, safety is not just about models

The most ironic aspect of the Claude Code incident is safety.

In recent years, Anthropic has continuously emphasized safety, caution, boundaries, and alignment. The result that really put them on the hot search was not a safer release but a rather "elementary" packaging mistake.

In the short term, this is a public relations disaster; in the medium term, it almost equates to hosting a "grassroots technology exchange release" for the entire agent industry; in the long term, it serves as a reminder to all AI companies: what is truly valuable today is not just the model itself, but the entire set of products and engineering systems built around the model, and more importantly, how we ensure safety in the AI era.

By the end of March, Anthropic was actively promoting the automated mode of Claude Code, stressing that while enhancing autonomous execution capabilities, it was also using classifiers and safety constraints to reduce risk operations. Yet a few days later, the most embarrassing issue for them was not a cutting-edge model risk, but a basic oversight in the release process.

This contrast itself speaks volumes.

Therefore, the next phase that the AI industry truly needs to address may not only be "stronger models", but also "more stable systems". Not just making agents more autonomous, smarter, and more like digital employees, but making the entire product chain more controllable, auditable, and accountable.

In this sense, the true exposure from this incident is not merely Anthropic's oversight, but rather a challenge that the entire AI industry is facing together: as models become stronger, agents become more capable, and products approach real-world execution levels, do we actually possess matching safety capabilities, release discipline, and engineering safety competence?

This issue may be more deserving of the entire AI industry’s vigilance than the leak itself.