Claude Code users hitting usage limits 'way faster than expected'

The News

Anthropic is facing unexpectedly high usage rates of Claude Code, a situation that coincided with a significant security breach involving the command-line interface (CLI) source code [1]. The issue, first reported on March 31, 2026, stems from users exhausting allocated resources at a rate far exceeding Anthropic’s initial projections [1]. Simultaneously, a 59.8 MB JavaScript source map file, intended for internal debugging, was accidentally published on the npm registry as part of the @anthropic-ai/claude-code package version 2.1.88 [4]. This leak exposes the CLI’s inner workings, providing a detailed blueprint of its functionality without revealing the core language models [3]. The timing of these two events—rapidly depleting usage limits and a critical code leak—poses a complex challenge for Anthropic, potentially affecting user experience and competitive positioning [1]. The company has yet to issue a comprehensive statement addressing both issues beyond acknowledging the leak [4].

The Context

Claude Code, launched in 2023, represents Anthropic's entry into AI-assisted coding, leveraging the Claude language model series [2]. Designed as a friendly, male-gendered counterpart to assistants like Alexa and Siri [2], Claude Code targets developers with features such as code generation, debugging assistance, and code explanation [4]. The leaked source code pertains to the CLI, which serves as the user interface for interacting with the Claude Code models [3]. While the CLI does not contain the core model weights, it handles critical functions like authentication, API request formatting, and result parsing [3]. The accidental inclusion of the source map file, a debugging artifact, reveals the TypeScript codebase underpinning this CLI functionality [2]. Source maps are typically used to translate compressed code back into readable form for debugging [2]. Their presence in a public package constitutes a serious security and intellectual property oversight [4].

The rapid depletion of usage limits likely stems from multiple factors. Initial projections for usage were based on early adoption rates, which were dramatically surpassed [1]. Anthropic’s Claude Code has experienced explosive growth, contributing to a $19 billion valuation with $2.5 billion in revenue, representing 80% of the company’s total revenue [4]. The agentic AI capabilities of Claude Code, enabling complex and automated workflows, likely drive higher resource consumption compared to simpler coding tasks [4]. The leak may also exacerbate the issue, as developers now understand the CLI’s functionality and could optimize or exploit it to maximize access [3]. The leak also revealed a "Tamagotchi-style 'pet'" feature within the CLI, suggesting a gamified user experience aimed at boosting engagement—a feature that could further drive usage [2]. Anthropic initially offered tiered pricing, with 30% of users on the free tier and 16.7% on the lowest paid tier [4]. The rapid uptake and subsequent strain on resources highlight the challenges of scaling AI services while balancing accessibility and profitability [1].

Why It Matters

The combined impact of the code leak and usage limit issues presents significant challenges for Anthropic across multiple fronts. For developers, the leak provides a valuable resource for understanding the CLI’s architecture, potentially enabling reverse-engineering of its functionality [3]. This could lead to the creation of alternative interfaces or tools that bypass Anthropic’s intended usage patterns, threatening platform stability and security [3]. While the leak does not expose the core language model, the detailed CLI blueprint allows competitors to accelerate their own development efforts, potentially replicating key features [3].

Enterprise and startup users face disruptions as businesses relying on Claude Code for critical workflows now contend with unpredictable resource constraints, risking project delays and increased costs [1]. The leak also raises concerns about intellectual property protection and unauthorized modifications or distribution of the CLI code [4]. The cost of scaling infrastructure to meet unexpectedly high demand is straining Anthropic’s resources, potentially leading to pricing hikes or stricter usage limits [1]. The company’s revenue, heavily reliant on Claude Code, is now vulnerable to user attrition and competitive pressure from those leveraging the leaked information [4]. The leak has also damaged Anthropic’s reputation, casting doubt on its internal security practices and engineering rigor [4].

Competitors like OpenAI, Google, and Cohere can exploit the leaked information to accelerate their AI-assisted coding development [3]. Open-source communities and independent developers may analyze the code to gain insights into Anthropic’s design choices, potentially contributing to alternative implementations [3]. Security researchers can scrutinize the code for vulnerabilities and exploits [4]. Conversely, Anthropic is facing reputational damage, potential revenue loss, and increased competitive pressure [4].

The Bigger Picture

The Anthropic situation reflects a broader trend in the AI industry: the increasing complexity and fragility of large language model deployments [1]. As AI models become more powerful and widely adopted, scaling infrastructure, managing resources, and protecting intellectual property have become more critical challenges [1]. The incident underscores the need for robust security protocols and meticulous code review processes, especially in rapidly evolving AI technologies [4]. OpenAI, for example, has pursued partnerships and infrastructure investments to address similar scaling challenges [1]. Google’s PaLM 3 has also faced scrutiny over resource consumption and potential biases [1]. The leak highlights risks in open-source development and the need for careful management of dependencies and artifacts [3]. The prevalence of JavaScript and TypeScript in modern AI development, as evidenced by the leaked source map file, also points to inherent vulnerabilities in these technologies [2]. The next 12-18 months will likely see heightened focus on AI infrastructure optimization, security hardening, and the development of more sustainable models [1]. Smaller, specialized language models designed for specific tasks and requiring fewer resources may gain traction as a response to scaling challenges [1].

Daily Neural Digest Analysis

Mainstream media has focused primarily on the code leak as a security breach, but the simultaneous issue of rapidly depleting usage limits reveals a deeper systemic problem: Anthropic underestimated demand for Claude Code and failed to adequately prepare its infrastructure [1]. The leak, while a significant setback, is a symptom of a larger issue—lack of engineering discipline and a rushed deployment process [4]. The fact that a source map file, a known debugging artifact, was inadvertently published underscores a lack of attention to detail and inadequate code review processes [4]. The company’s initial pricing structure, intended to balance accessibility and profitability, appears unsustainable given the unexpectedly high adoption rate [4]. The incident serves as a cautionary tale for other AI developers: rapid growth requires robust engineering practices and proactive resource management [1]. The question now is whether Anthropic can address infrastructure issues and regain user trust before competitors exploit the leaked code to permanently erode its market share [4].

---

References

[1] Editorial_board — Original article — https://www.theregister.com/2026/03/31/anthropic_claude_code_limits/

[2] The Verge — Claude Code leak exposes a Tamagotchi-style ‘pet’ and an always-on agent — https://www.theverge.com/ai-artificial-intelligence/904776/anthropic-claude-source-code-leak

[3] Ars Technica — Entire Claude Code CLI source code leaks thanks to exposed map file — https://arstechnica.com/ai/2026/03/entire-claude-code-cli-source-code-leaks-thanks-to-exposed-map-file/

[4] VentureBeat — Claude Code's source code appears to have leaked: here's what we know — https://venturebeat.com/technology/claude-codes-source-code-appears-to-have-leaked-heres-what-we-know