The headline detail—an internal plan to “destructively scan all the books in the world” while explicitly hoping nobody finds out—matters not because it’s shocking (it is), but...

“Project Panama” and the Great Book Strip-Mine: what the Anthropic filings reveal about AI’s content supply chain

by ChatGPT-5.2

The Washington Post’s reporting on the Anthropic litigation reads less like a copyright dispute and more like a field report from an arms race: a fast-moving sector decided that “more data” was the difference between dominance and irrelevance, then built acquisition pipelines to match that belief—legal risk and public backlash be damned. The headline detail—an internal plan to “destructively scan all the books in the world” while explicitly hoping nobody finds out—matters not because it’s shocking (it is), but because it clarifies the governing logic of frontier-model competition: treat the totality of human expression as strategic infrastructure, and treat permissions as friction to be routed around.

At the center is “Project Panama,” described in unsealed documents as Anthropic’s effort to buy physical books in bulk, slice their spines off, scan them at industrial speed, then recycle the remains.

This is the inverse of the romantic “we learned from humanity” narrative. It’s logistical realism: if high-quality text improves model behavior (“how to write well” versus “low quality internet speak”), then books become feedstock.

The filings depict a company willing to spend tens of millions on that feedstock and to operationalize a workflow that looks, structurally, like content extraction at scale.

What makes the story more legally and politically combustible is the juxtaposition: the same records that portray “buy, cut, scan, recycle” as a compliance-oriented pivot also describe earlier reliance on shadow libraries and torrent ecosystems—precisely the kind of acquisition behavior that, even where “training” is argued as fair use, can create separate liability for infringement, distribution, or trafficking in pirated copies.

In other words: the legal fight is increasingly bifurcating into (1) what training is and (2) how the inputs were obtained. The article’s key implication is blunt: even if courts keep giving defendants daylight on “transformative” training, the acquisition layer can still be a litigation kill zone.

The deeper pattern: compliance is a competitive strategy—until it isn’t

The Post ties Anthropic’s story to similar disclosures in cases involving Meta, OpenAI, Google, and others: internal recognition that permissioning is impractical at frontier scale; internal anxiety that the methods look bad and might be illegal; and internal escalation to senior leadership when the organization chooses speed anyway.

This matters for rights owners because it suggests a recurring evidentiary shape: chat logs, emails, and operational docs that show (a) awareness of risk, (b) decisions to proceed, (c) mitigations focused on traceability and PR rather than authorization, and (d) governance by “escalation” rather than principle.

It also matters for AI developers because it signals where courts and regulators may draw the line. The story highlights judicial rulings that—at least in early decisions—have treated training on books as potentially lawful fair use when it is “transformative,” while separately scrutinizing acquisition and storage of pirated corpora.

If you’re building frontier models, the lesson is uncomfortable but practical: you can win the philosophical argument about transformation and still lose on the banal facts of how your dataset was assembled.

Most surprising, controversial, and valuable statements and findings (from the article)

Surprising

1. The internal candor: “Project Panama is our effort to destructively scan all the books in the world… We don’t want it to be known that we are working on this.” That’s not an accidental email; it’s strategic secrecy written into planning.

2. Industrial-scale destruction as a normed workflow: the described process—hydraulic cutting, high-speed scanning, scheduled recycling—reads like a manufacturing line designed for throughput, not scholarship.

3. The “quality” rationale: an Anthropic co-founder theorized books teach models “how to write well” (rather than “low quality internet speak”). It’s a tacit admission that the web isn’t enough; publishers’ value proposition is inside the model’s performance curve.

4. Named individual conduct: the filings describe co-founder Ben Mann personally downloading from LibGen over an 11-day stretch, and circulating a link to Pirate Library Mirror (“just in time!!!”). This is unusually direct attribution at senior level.

5. Settlement magnitude and per-title estimate: the article reports a $1.5B settlement and an estimated ~$3,000 per title for affected authors (with no admission of wrongdoing). That number will anchor negotiating psychology across the sector.

Controversial

1. “Transformative” training framed as pedagogy: the analogy to teachers “training schoolchildren to write well” is rhetorically powerful—and to many rights owners, infuriating—because it tries to naturalize industrial appropriation as education.

2. Fair use wins, acquisition losses: judges can validate training as fair use while still exposing companies on piracy-based acquisition. That split will feel incoherent to creators (“the ‘use’ is fine but the ‘getting it’ isn’t”), yet it may become the stable legal compromise.

3. Meta’s internal “cover your tracks” posture: concerns about torrenting on corporate laptops, risks of sharing pirated works, and the reported decision to torrent via rented servers to avoid tracing back—this is the kind of fact pattern that turns a civil claim into a reputational and regulatory fire.

4. Corporate realism about permissioning: the story suggests companies didn’t view direct permission from publishers/authors as practical—an implicit argument that law must adapt to business necessity. That’s a political claim dressed up as inevitability.

Valuable

1. Litigation target selection is shifting: the article’s strongest practical takeaway is that acquisition and distribution claims (piracy, torrents, retention of copies) may be more legally tractable than the broader “training is infringement” theory—especially in early-stage U.S. rulings.

2. Evidence exists and is discoverable: internal docs, logs, chat messages, vendor proposals, and procurement trails can paint a timeline of knowledge and intent. This is gold for plaintiffs and a governance imperative for defendants.

3. Compliance can be operationalized: hiring someone with Google Books experience and pivoting to purchased physical books illustrates a defensible pathway—expensive, yes, but strategically safer than grey/black-market corpora.

4. PR/regulatory posture is part of the calculus: Meta’s reported concern that exposure could undermine negotiations with regulators shows that “copyright risk” isn’t just court risk—it’s governance leverage risk.

Recommendations for AI developers

1. Treat data provenance as a first-class safety system, not a legal footnote
   Build “dataset lineage” the way you build security: inventories, attestations, vendor contracts, retention rules, access controls, and audit trails. If you can’t prove where it came from, assume it will become a liability.

2. Separate “training legality” from “acquisition legality” in your risk model
   Even if you believe training is fair use, piracy-based acquisition can create standalone exposure (including claims about distribution when torrents are involved). Engineer processes so acquisition is defensible even under hostile discovery.

3. Make governance real: hard gates, not “escalation” culture
   If the control is “we escalated to leadership,” you’re basically admitting the company knowingly ran a red light. Institute enforceable no-go rules (e.g., no shadow libraries, no torrents, no unverifiable corpora) and make exceptions impossible without documented, independent review.

4. Prefer licensed, bought, or clearly permitted corpora—then optimize cost, not legality
   If you need books for quality, do it in ways you can defend. The story’s “buy/scan/recycle” approach is ugly but legible in court compared to “we torrented LibGen.”

5. Assume internal comms will be read aloud
   Train teams: no “we don’t want it known” memos, no joking about piracy, no casual links to illicit sources. Write like a judge is the audience—because eventually one might be.

6. Build creator compensation and licensing into product economics early
   If your business model depends on uncompensated extraction, you’re building on political quicksand. Structured licensing (with verifiable reporting) is cheaper than multi-year litigation plus regulatory retaliation.

Recommendations for rights owners contemplating litigation against AI companies

1. Lead with acquisition and copying fact patterns, not just “training is infringement”
   The article suggests early judicial openness to fair use arguments for training, while still leaving defendants exposed on how they obtained the data (pirated downloads, torrents, distribution).

   Plaintiffs should prioritize claims that survive even if “training” is deemed transformative.

2. Force discovery on provenance, retention, and distribution mechanics
   Ask: What datasets were downloaded, from where, by whom, when? Were torrents used (implying sharing/uploading)? Were copies retained “for future use”? What mitigations were implemented, and were they about legality or about traceability?

3. Use class strategy surgically
   The Post reports class-action status being granted for authors whose works were in shadow libraries downloaded and stored.

   Class posture changes settlement math and can force defendants to litigate the acquisition pipeline instead of isolating claims work-by-work.

4. Quantify real-world harm beyond “lost sales”
   One Meta ruling cited in the story turned on plaintiffs’ failure to show harm to book sales.

   Build stronger harm theories: market substitution in downstream licensing, degradation of bargaining power, lost derivative markets, reputational harms from model outputs, and measurable impacts on discoverability/traffic.

5. Treat reputational and regulatory leverage as part of the case theory
   The article shows internal concern about media exposure undermining regulatory negotiations.

   Rights owners can align litigation with policy strategy—without turning it into pure PR—by documenting systemic behavior and its governance implications.

6. Aim for remedies that change behavior, not just cash
   Settlements can include provenance audits, deletion/segregation of tainted corpora, transparency reporting, licensing pathways, and third-party verification. Money without structural change just prices in future infringement.

7. Build technical evidence and experiments, but don’t overpromise “model memorization”
   Run careful tests for near-verbatim outputs and dataset leakage, but assume defendants will argue such outputs are rare or mitigated. Your strongest leverage may be the copying and acquisition trail, not the “gotcha prompt.”

Final takeaway

This story is less about one company’s scandal than about an industry’s revealed supply chain: when performance is the north star, “all the books” becomes a procurement objective, and secrecy becomes a tactic.

For AI developers, the strategic move is to build provable provenance and licensing into the pipeline before the next wave of discovery and regulation forces it. For rights owners, the strategic move is to litigate where the facts are hardest to sanitize: acquisition, copying, retention, and distribution—then use that leverage to force durable market rules, not just one-off payouts.