
Last week, the software supply chain broke. Here's what happened.
In less than 72 hours:
500,000 lines of AI code leaked.
One of the internet's most-used libraries turned malicious.
Developers got infected just by installing dependencies.
There was no zero-day exploit. There was no master hacker breaking through a firewall.
We simply installed our packages, ran our builds, and handed the keys to our systems over to strangers. This is what happens when the software industry builds its entire foundation on blind trust.
The Leak: One Mistake, Massive Fallout
Let us start with the first domino. Anthropic leaked half a million lines of proprietary code from its flagship agentic product, Claude Code.
The media immediately called it a sophisticated hack. It was not a hack. It was a single configuration mistake, likely in the release pipeline (e.g. source maps or public asset exposure). They failed basic release hygiene.
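As an illustration of the release hygiene mentioned above, here is an added example (not code from this post or from Anthropic) of a pre-publish check that flags source maps among the files about to ship. The function names, file paths and sample contents are hypothetical and constructed for the example, and it covers only the source-map case the post names as a likely cause.

```javascript
// Added example: pre-publish gate that flags source-map exposure in release files.
// File names and contents are constructed sample data, not from any real release.
const SOURCE_MAP_REF = /[#@]\s*sourceMappingURL=(\S+)/;

// Count original source files embedded verbatim in a source map's sourcesContent.
function countEmbeddedSources(mapJson) {
  try {
    const map = JSON.parse(mapJson);
    return (map.sourcesContent || []).filter((s) => typeof s === "string").length;
  } catch {
    return 0; // unparseable map: still reported, with no source count
  }
}

// files: { path: textContent } for everything about to be published.
function auditArtifacts(files) {
  const findings = [];
  for (const [path, content] of Object.entries(files)) {
    if (path.endsWith(".map")) {
      findings.push({ path, issue: "source-map-file", embeddedSources: countEmbeddedSources(content) });
      continue;
    }
    const ref = SOURCE_MAP_REF.exec(content);
    if (!ref) continue;
    if (ref[1].startsWith("data:")) {
      // Inline map: the whole map, sources included, rides inside the bundle.
      const b64 = ref[1].split("base64,")[1] || "";
      const decoded = Buffer.from(b64, "base64").toString("utf8");
      findings.push({ path, issue: "inline-source-map", embeddedSources: countEmbeddedSources(decoded) });
    } else {
      findings.push({ path, issue: "source-map-reference", target: ref[1] });
    }
  }
  return findings;
}

const sampleMap = JSON.stringify({
  version: 3, sources: ["src/agent.ts"],
  sourcesContent: ["export const run = () => {};"], mappings: "",
});
const sampleRelease = {
  "dist/cli.js": "console.log('ok');\n//# sourceMappingURL=cli.js.map\n",
  "dist/cli.js.map": sampleMap,
  "dist/inline.js": "run();\n//# sourceMappingURL=data:application/json;base64," +
    Buffer.from(sampleMap).toString("base64") + "\n",
  "dist/clean.js": "console.log('no map');\n",
};
console.log(auditArtifacts(sampleRelease)); // a real gate would fail the release if non-empty
```

In a pipeline, the file map would be built from the exact set of files the packaging step is about to publish, and any finding would block the release until reviewed.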
But when an AI infrastructure company does it, the stakes change. The leaked repository did not just...