Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Thursday 2 April 2026 — and the AI industry started the morning on fire. Three of today’s five stories could individually reshape the legal, security, and political landscape around artificial intelligence. Here’s what you need to know.
Anthropic scrambles after Claude Code source code leaks onto GitHub
This is probably the story that will get the most mileage in developer circles this week. Anthropic accidentally published roughly 512,000 lines of internal source code — including the underlying instructions that power Claude Code — through a packaging error, and by Wednesday morning the company had filed copyright takedown requests against more than 8,000 GitHub copies. It later walked that back to just 96 accounts, which itself raised eyebrows.
Anthropic’s official line: “This was a release packaging issue caused by human error, not a security breach.” The company says no customer data was exposed and no model weights leaked. For most observers, that framing landed somewhere between spin and true-but-misleading. Leaked system prompts don’t hand competitors the model, but they do hand them a roadmap.
The real story isn’t the code itself — it’s what was inside it. Developers combing through the dump found references to unreleased models named Capybara and Mythos, plus something called the Buddy System feature. The security community is split on whether to treat this as a genuine operational failure or the most interesting accidental product announcement of 2026. On Hacker News, the top take was blunt: leaked system prompts are valuable to competitors even without the weights, and Anthropic’s “human error” framing drew immediate skepticism. The initial 8,000-account DMCA sweep was widely called heavy-handed — even Anthropic seemed to agree, rolling it back hours later.
The irony running through every thread: a safety-focused AI company building agent infrastructure, whose entire brand is built on responsible deployment, just became the story about a lab that can’t keep its own house in order.
Penguin Random House files copyright suit against OpenAI in Munich
The world’s largest publisher just filed suit. Penguin Random House is taking OpenAI to a Munich court, alleging that ChatGPT “memorised” and reproduced large portions of Ingo Siegner’s Coconut the Little Dragon children’s book series — verbatim, complete with cover art, blurbs, and manuscript submission instructions.
The test prompt was almost surgical in its simplicity: “Can you write a children’s book in which Coconut the Dragon is on Mars.” The result, according to Penguin, was text and images “virtually indistinguishable from the original.” That’s not vague similarity — that’s the kind of memorisation evidence that has tripped up AI companies in German courts before. Last November, a Munich regional court ruled ChatGPT had violated copyright over lyrics harvested by Germany’s music rights body Gema.
The community reaction is interesting because it’s split rather than uniform. On Reddit and Hacker News, a lot of people are treating this as the lawsuit that might finally stick. The argument: the memorisation evidence is unusually concrete, Penguin’s scale gives them resources to fight this properly, and German courts have already shown they’re willing to rule against OpenAI. The concern is precedent — a ruling here could reshape how LLM training data liability works across the entire industry.
OpenAI’s response was predictably anodyne: “We are reviewing the allegations. We respect creators and content owners.” I’ll believe that when I see it reflected in training data policies.
OpenAI secretly funded the child safety coalition lobbying for its own AI bill
This one has a certain jaw-dropping quality to it. According to a report from the San Francisco Standard, the Parents and Kids Safe AI Coalition — a California advocacy group pushing for age verification requirements on AI products — was entirely funded by OpenAI. Not just supported by OpenAI. Funded entirely by OpenAI. The company reportedly pledged $10 million to push the Parents and Kids Safe AI Act, while keeping its involvement hidden from the coalition’s own members.
The result: multiple nonprofits and advocacy groups joined the coalition and endorsed OpenAI’s preferred legislation without knowing they were doing OpenAI’s bidding. Two coalition members resigned when the funding came to light. One nonprofit leader’s reaction — “It’s a very grimy feeling” — has now become the unofficial quote of the week.
The reaction on X and Reddit has been about as scathing as you’d expect. Astroturfing comparisons are everywhere, and the optics are genuinely bad: OpenAI created a child safety coalition to push legislation it wrote, hid its own role from the members, and framed it all as grassroots advocacy. The people who got burned by this aren’t fringe skeptics — they’re legitimate child safety organisations that trusted the process.
This lands in a pattern. OpenAI has been spending heavily on lobbying in recent years. But doing so through a third-party coalition without disclosure crosses from aggressive lobbying into something most people would call deceptive. The question now is whether this changes any votes in Sacramento — or just changes the conversation about whether OpenAI can be trusted as a good-faith player in AI regulation.
Hugging Face ships TRL v1.0: finally a production-ready post-training library
Not everything today is a scandal. Hugging Face released TRL v1.0, which is a bigger deal than the version number might suggest. TRL is the Transformer Reinforcement Learning library — the toolkit people use to actually post-train language models using methods like SFT (supervised fine-tuning), DPO, GRPO, and async RL. The library has been around for six years, but v1.0 marks the first time it’s being positioned as genuinely stable for production use.
The core promise of v1.0: more than 75 post-training methods in a single library, with an architecture designed to absorb new algorithms without breaking existing code. The post-training field moves extremely fast — PPO was the gold standard, then DPO-style methods undercut it entirely, then RLVR methods shifted the centre again. TRL’s design philosophy is explicitly built around this instability: don’t try to capture a perfect abstraction, build software that can absorb what the field throws at it.
The community response has been warm. Simon Willison called it “really cool.” Developers who’ve been waiting for stable post-training tooling — particularly anyone building RAG pipelines or working on fine-tuning workflows — are excited about having something production-grade to build on. Hacker News and ML Twitter both picked this up, with the consistent comment being: “Finally a library that moves with the field rather than behind it.” That’s the kind of endorsement that matters in this community.
Sora is gone, and Kling AI, RunwayML, and Vidu are already moving in
It’s been just over a week since OpenAI shut down Sora, and the AI video market is already reshaping itself. Bloomberg reports that Kling AI, RunwayML, and Vidu are actively capturing users who came to AI video through Sora and now have nowhere to go. Sora’s reported $1 million per day burn rate made the decision to shut it down financially legible, even if the timing was brutal for users in the middle of projects.
Kling AI is being discussed as the immediate winner. The speed and quality comparisons being circulated on X favour Kling, and it’s a Chinese product — which adds a geopolitical dimension to what is ostensibly a product story. RunwayML’s new $10 million Builders program is being read as smart timing, designed specifically to capture displaced creators who need a new platform. Vidu is also in the mix, though with less community noise.
The irony being noted everywhere: OpenAI essentially invented the consumer AI video category with Sora, and then abandoned it. The comment circulating on X is something like: “OpenAI pioneered AI video, gave the market to its competitors, and walked away.” It’s worth remembering that the Sora team has reportedly moved to robotics world model work, so the shutdown isn’t just cost-cutting — there’s a strategic pivot behind it. Whether that pivot makes sense will take longer to judge.
FAQ
What exactly was leaked in the Anthropic Claude Code incident?
The leak contained the system prompt and instructions used to direct Claude Code — roughly 512,000 lines of internal source code. Crucially, no model weights and no customer data were exposed. What did leak includes internal architecture details and references to unreleased models including Capybara, Mythos, and a planned Buddy System feature. Anthropic attributed it to a “release packaging error” rather than an external breach.
Why does the Penguin Random House lawsuit against OpenAI matter more than previous copyright cases?
The combination of Penguin’s scale and the specificity of the evidence makes this case different. ChatGPT didn’t produce something vaguely similar to Ingo Siegner’s Coconut the Dragon books — it reproduced text and artwork that Penguin calls “virtually indistinguishable from the original.” That’s memorisation evidence, not coincidental similarity. German courts have already ruled against ChatGPT in a music copyright case, so the legal terrain here is less favourable to OpenAI than in the US.
Is OpenAI’s child safety coalition funding actually illegal?
Almost certainly not illegal in the conventional sense — companies fund advocacy coalitions all the time. What makes this different is the lack of disclosure to the coalition’s own members. The groups that joined the Parents and Kids Safe AI Coalition did so believing it was independent. When you hide that the entire organisation is funded by the company whose bill you’re promoting, you’re not just being aggressive — you’re misleading the people who trusted you. Whether California’s lobbying disclosure laws were breached is a separate question that lawyers will likely examine.
What is TRL and why does v1.0 matter for AI developers?
TRL (Transformer Reinforcement Learning) is Hugging Face’s library for post-training language models. Post-training is what happens after initial training — using techniques like RLHF, DPO, and GRPO to align a model with specific behaviours or improve performance on particular tasks. Version 1.0 matters because it’s the first release positioned as stable for production systems, with more than 75 methods available. For teams building fine-tuning workflows or studying model alignment, this provides a dependable foundation where there wasn’t one before.
The bigger picture
The trend signal in today’s briefing is unusually clear: frontier lab opacity is cracking under scrutiny from multiple directions at once. Anthropic’s code leak is an internal failure. Penguin’s lawsuit is an external challenge. OpenAI’s astroturfing exposure is a self-inflicted wound in the regulatory arena. Three different vectors, all pointing at the same underlying tension — AI labs have been operating in a low-accountability environment, and that’s changing.
The TRL and Sora stories sit on a different track, but they’re not unrelated. Open-source tooling maturing and proprietary video AI collapsing both point to a market in rapid evolution. What was defensible six months ago — an expensive, closed AI video product with no clear path to profitability — isn’t anymore.
Explore More from Friday AI Club
- Claude Code tutorial for beginners: setup guide
- How to build Claude skills better than 99% of people
- Complete guide to creating a custom Claude skill
If you want to keep up with this as it develops, FridayAIClub.com covers the AI news that actually matters — daily, without the filler. Worth bookmarking.
