Can AI Problems Be Solved by AI?

Just the day before yesterday, a blunder dubbed a “nuclear-level” event in the AI industry shattered the calm of Silicon Valley’s large model circle. Claude Code, the AI programming assistant and a core product of the star AI unicorn Anthropic (celebrity AI unicorn Anthropic), accidentally “open-sourced” its most critical 510,000 lines of source code onto the public internet due to an extremely basic packaging error.

However, this was just the beginning. What was even more absurd was Anthropic’s post-incident “remedial” measures: To remove their source code from GitHub, they activated the DMCA (Digital Millennium Copyright Act) complaint tool, which turned into an “indiscriminate attack,” resulting in the deletion of thousands of legitimate and innocent GitHub developer repositories.

In the tech circle, it’s often said that “technology is innocent,” but when top-tier AI companies start making frequent blunders, we must reconsider a question: In an era increasingly reliant on AI, should we entrust the security of entire AI systems to a handful of individuals or companies?

Not Just Source Code Leakage! Multiple Bugs Exposed

To be honest, when Leitech (ID: leitech) first learned about the Claude Code source code leak, we thought some highly skilled hacker had breached Anthropic’s servers. However, after detailed investigation, we discovered it was purely a “low-level error.”

According to Anthropic’s official announcement, the leak occurred on March 31, 2026. At the time, Anthropic pushed the v2.1.88 update of Claude-code to the npm code repository. During this update, Anthropic used the Bun tool developed by Oven, a company they had recently acquired. This tool mistakenly packaged and published a complete JavaScript source map file (typically used for internal debugging, containing a full mapping of the original unobfuscated code) during runtime.

Image Source: Claude

This “slip-up” directly exposed nearly 2,000 source code files and over 512,000 lines of proprietary TypeScript source code within Claude Code, allowing anyone to view, copy, and use them.

Even more embarrassingly, the leaked code revealed some of Anthropic’s “hidden agendas.” For example, it included a system setting called “Undercover Mode,” which internally instructed the AI to “conceal its AI identity” when contributing to open-source community code and prohibited the use of the conventional “Co-Authored-By: AI” tag.

This covert mechanism, designed to bypass scrutiny from human developers in open-source communities, directly sparked debates within the developer community about top-tier AI companies hiding their identities while maintaining projects. After all, this is somewhat unethical—no matter how strong your technology is, you shouldn’t ignore community rules. Moreover, judging from the leaked code, this was “fully automated.”

Additionally, there was another bug that infuriated developers even more. Discovered during the inspection of the leaked code, this bug caused Claude Code to incorrectly encounter “cache miss” issues when restoring sessions.

In simple terms, this bug forced Claude Code to recompute all problems you had already executed and reasoned through using Tokens. Given that the Token cost between full reasoning and cache hits differs by a factor of 10, your Token balance intended for the next 10 days could be exhausted in just one day.

Image Source: Leitech

After this bug was exposed, many developers immediately complained: “No wonder I felt like the client was consuming Tokens much faster than the web version—there really was an issue.” Furthermore, after tracing the bug, developers found that it had existed since version v2.1.69 and was only fixed in the subsequent 2.1.90 release after being verified due to the source code leak.

This raises a question: Did Anthropic even know about the bug? This is a thought-provoking issue. Because developers later discovered another problem: Claude Code forcibly inserted a string named x-anthropic-billing-header into the first block of system prompts.

This string caused every newly initiated conversation to have a unique and different system prompt prefix. In other words, even if your prompts were identical, Claude Code would perform a full write operation, consuming more Tokens. Now, many developers are suspicious of Anthropic: “Is this company secretly scamming us?”

One could say that this code leak was essentially nothing but “good news” for developers. However, Anthropic is now facing a major headache—and things are about to get worse.

Anthropic’s Indiscriminate Takedowns Anger Developers

In response to this strategic intellectual property “hemorrhage,” Anthropic’s reaction was a classic example of “desperate measures.”

Within hours of the code leak, many developers and security researchers had already downloaded and mirrored it onto platforms like GitHub. Some leaked repositories amassed tens of thousands of Stars in a very short time, even spawning so-called “cracked versions” that removed official safety restrictions and unlocked experimental features.

To curb further code dissemination, Anthropic submitted massive DMCA takedown requests to GitHub—and then tragedy struck.

Image Source: Leitech

According to insiders from overseas websites, Anthropic relied heavily on automated code comparison and reporting scripts during the cleanup process. These automated tools used overly simplistic and brute-force identification logic: If a code repository or README file contained fragments of the leaked code or specific keywords, the repository was immediately deemed “infringing.”

This automated rights enforcement, lacking human “reasonableness checks,” escalated into a large-scale GitHub repository demolition campaign. GitHub’s initial report revealed that they processed DMCA notices covering over 8,000 repository networks in just one hour.

Thousands of legitimate open-source projects were banned or forcibly deleted simply because they triggered the automated scripts. Most of these were open-source projects developed based on Anthropic’s official public APIs. Even some derivative versions of Anthropic’s own public example libraries were accidentally blocked—a classic case of “friendly fire.”

Facing this indiscriminate onslaught, many victims launched fierce protests on social media and forums, accusing Anthropic of abusing copyright law with its “shoot first, ask questions later” approach. They argued that this not only posed severe code loss risks and business disruptions for innocent developers but also seriously undermined the foundation of the open-source ecosystem.

Image Source: Leitech

Confronted with the Surging public opinion (overwhelming public outrage) and massive collateral damage, Anthropic had to make another emergency response, communicating with GitHub to withdraw most DMCA notices (reducing them to a few dozen confirmed mirror branches) and admitting that their approach was inappropriate. They pledged to strengthen review and management of related processes in the future.

However, the incident’s repercussions extended far beyond this. A report from cybersecurity firm Zscaler ThreatLabz revealed that hacker groups had begun exploiting developers’ curiosity by publishing malicious repositories on GitHub disguised as “leaked versions of Claude Code,” which actually contained stealth software like Vidar and Ghostsocks. The cleanup is expected to take considerable time.

AI Blunders: Not the First, Nor the Last

In Leitech’s (ID: leitech) view, Anthropic’s major blunder ultimately boiled down to “blind trust in automation tools and AI scripts” (though human errors were also plentiful). In reality, the tech and business worlds have seen countless cases where over-reliance on AI and automated systems, coupled with reduced or eliminated human oversight, led to catastrophic corporate losses.

Take a recent example: OpenClaw, which exploded in popularity earlier this year, released a supposedly “strongest-ever” version update on March 22, proudly announcing that over 95% of its core engine’s code was written by AI. Then, while working, the AI decided that the code previously written through AI-human collaboration was too inefficient. So, it unilaterally abandoned the old Skill API standards and rewrote a new, “more efficient” API.

As a result, over 10,000 of OpenClaw’s most proud Skills became obsolete. To continue using them, developers had to make new calls and optimizations based on the new API. Since OpenClaw was known for fully automated operations, many enterprises that deployed it woke up to find their tools completely nonfunctional—because OpenClaw had automatically updated its version and executed related operations, rendering all Skills directly ineffective.

Image Source: Leitech

Not only that, but OpenClaw’s AI also “efficiently” shut down multiple critical sandbox isolation permissions while programming, introducing even more severe security issues in the new version. You might think, “Can’t we just roll back to the previous version?” Here’s the problem: The AI-reconstructed database was incompatible with the old version, exposing users to data corruption risks if they attempted to roll back.

Although OpenClaw later released a new compatibility layer, it could only recover partial losses, prompting many users to switch to Claude Code (yes, the protagonist of today’s article), known for “stricter human review.” Unfortunately, Claude Code soon imploded too—though fortunately, this time it didn’t affect productivity; only Anthropic suffered losses.

After this incident, most mainstream open-source communities issued guidelines mandating that all AI-generated code submissions must undergo human review and be equipped with automated regression testing modules.

Then there’s Amazon, which experienced two major blunders from December last year to March this year. In one incident, an AWS engineer using their self-developed Kiro AI programming agent “accidentally” deleted and rebuilt the entire production environment, causing a 13-hour outage in AWS cost management services across some regions.

In the second incident, while handling an urgent deployment request, an engineer overly trusted the AI assistant’s recommendations, causing conflicts between Amazon’s main website’s core checkout logic and logistics forecasting systems. Subsequent statistics revealed that 125,000 orders were directly lost, and over 6 million orders were delayed or mishandled.

Image Source: Leitech

Amazon later determined that the root cause was the AI incorrectly referencing an outdated internal document, causing severe conflicts between the deployed code and existing systems, ultimately triggering a system crash. This proved that even with human supervision, if they overly trust AI, the outcome remains unchanged.

These consecutive incidents have led many to ponder: How should we manage and utilize AI’s capabilities?

Can AI Problems Be Solved by AI?

Faced with this series of epic disasters caused by “blind faith in AI,” a paradox emerges in the tech world: As AI’s code generation capabilities grow stronger and its logical reasoning becomes more complex, the cost for human developers to review AI operations is skyrocketing exponentially.

Since humans can no longer understand or review the vast amounts of code and instructions generated by AI, should AI-induced problems ultimately be resolved by even more powerful AI? In Leitech’s (ID: leitech) view, the answer is both yes and no.

From a practical work perspective, introducing AI review is inevitable. “AI supervising AI” is also one of the approaches adopted by most leading tech companies: Multiple AI agents cross-verify before submitting potentially problematic code for final review by human engineers, reducing the likelihood of misjudgments caused by AI hallucinations.

Image Source: Leitech

However, this alone is insufficient, as lessons from Anthropic, Amazon, and others show that problems can still arise even with human review. Therefore, it’s more crucial to implement multiple firewalls, such as strictly adhering to the “principle of least privilege” and never granting AI excessive permissions to prevent it from modifying core databases and production environments without human intervention.

In addition, it would be best to incorporate a "circuit breaker mechanism" operated by an independent system. When the system detects abnormal and a large number of high-risk instructions, it directly suspends the execution of all instructions and immediately notifies human engineers to review them. If Anthropic had a similar mechanism in place when receiving a large number of complaints about GitHub repository infringements (for example, requiring manual confirmation after requesting complaints for more than 50 repositories), it is likely that subsequent issues would not have arisen.

Finally, responsibility must be assigned to individuals. As users and managers of AI, one cannot shirk responsibility by simply saying, "It was all done by AI." This at least ensures that human engineers maintain a cautious and careful attitude when using AI, avoiding situations where over-reliance on AI leads to failures.

Leitech (ID: leitech) believes that although AI has reshaped our productivity in a disruptive manner, humans remain the true dominators, and this will not change.

AnthropicAI large model AI programming

Source: Leitech

The images in this article are from the 123RF licensed image library. Source: Leitech