Anthropic has acknowledged that its Digital Millennium Copyright Act (DMCA) takedown campaign, intended to remove leaked proprietary code from GitHub, inadvertently targeted legitimate repository forks, according to reports from Ars Technica. The incident highlights the operational challenges AI companies face when attempting to protect intellectual property at scale whilst avoiding collateral damage to lawful projects.
The San Francisco-based AI firm, valued at approximately $18.4 billion following its most recent funding round, initiated the DMCA requests after discovering that portions of its source code had been leaked online. However, the sweep caught legitimate forks—copies of repositories created through GitHub’s standard forking mechanism—that developers use for collaboration and contribution purposes.
Anthropic confirmed to Ars Technica that the takedowns were not intended to target lawful forks and attributed the incident to its leak-focused enforcement effort. The company has not disclosed how many repositories were affected or the specific mechanism that led to legitimate projects being flagged alongside repositories containing leaked material.
The episode reveals a fundamental tension in source code protection strategies. Whilst DMCA takedowns remain a primary legal tool for removing unauthorised material, distinguishing between leaked proprietary code and legitimate open-source forks requires nuanced analysis that automated systems struggle to perform reliably. GitHub’s forking feature, central to collaborative software development, creates architecturally similar repositories that can be difficult to differentiate through automated scanning.
The business implications extend beyond Anthropic’s immediate reputational concerns. For developers and open-source maintainers, the incident demonstrates how aggressive IP protection by well-funded AI companies can disrupt legitimate work. False positive takedowns can halt active development, break dependency chains, and erode trust in platforms that host collaborative projects.
For Anthropic’s competitors, the misstep offers a cautionary example as they develop their own IP protection protocols. OpenAI, Google DeepMind, and other AI firms with valuable proprietary codebases face identical pressures to prevent leaks whilst maintaining relationships with the developer community. The incident may prompt industry-wide reassessment of enforcement procedures, particularly around verification steps before issuing takedown requests.
GitHub, owned by Microsoft, faces renewed scrutiny over its DMCA process. The platform processed more than 14,000 takedown notices in 2023, according to its transparency reports. Whilst the DMCA’s safe harbour provisions require platforms to act expeditiously on valid requests, the Anthropic incident underscores the need for more sophisticated verification mechanisms that can distinguish between infringing content and legitimate forks.
The timing is particularly sensitive for Anthropic, which has positioned itself as a safety-focused alternative to competitors. The company’s constitutional AI approach and emphasis on responsible development have been central to its brand identity and its ability to secure major partnerships with organisations including Amazon Web Services and Google Cloud. Operational missteps in IP protection, even if quickly corrected, risk undermining that carefully cultivated reputation.
Legal experts note that whilst DMCA takedowns are intended to be straightforward, submitters bear legal responsibility for false claims. Developers whose repositories were wrongly targeted could theoretically pursue counter-notices or, in cases of demonstrable harm, seek damages under DMCA provisions addressing misrepresentation.
The incident arrives as AI companies face intensifying scrutiny over their use of copyrighted material for training data, making IP protection strategies increasingly visible to regulators and the public. How Anthropic addresses this specific case—including whether it implements additional verification steps or compensates affected developers—will likely influence industry practices.
Observers should monitor whether Anthropic publishes details of its revised takedown procedures and whether GitHub implements additional safeguards for distinguishing legitimate forks from infringing content. The company’s response will test whether AI firms can balance aggressive IP protection with respect for the collaborative development practices that underpin the broader software ecosystem.
