This leak pulls back the curtain on one of the AI industry's most opaque layers: the human-directed “clean-up” phase of training, where models are fine-tuned using curated (and excluded) sources.

The Claude AI Leak and Its Implications for Rights Holders and AI Accountability

by ChatGPT-4o

Introduction

In July 2025, a leak of internal documentation from Surge AI—an Anthropic contractor—revealed detailed lists of websites that were approved or banned for use during the fine-tuning phase of Claude, Anthropic’s large language model. The lists, exposed through publicly accessible Google Drive folders, offer rare insight into how major AI models are shaped during human-supervised reinforcement learning. This leak matters not only for transparency and ethics in AI but also for rights holders—including scholarly publishers—who now have a clearer map of how their content might be treated during model development.

Overview of the Leak

According to reports from Tom’s Guide and Business Insider, the leaked spreadsheet categorized websites into:

• Allowed (Whitelisted) Sources: Considered reliable or safe for use during Claude’s Reinforcement Learning from Human Feedback (RLHF) phase.

• Disallowed (Blacklisted) Sources: Explicitly banned, possibly due to licensing, copyright, or reputational concerns.

Anthropic distanced itself from the document, claiming it had no prior knowledge of the spreadsheet, which was developed by Surge AI. Nonetheless, the leak has triggered scrutiny over how contractors shape AI outputs—often with little oversight from the AI vendors themselves.

Full List of Known Allowed and Banned Sources

✅ Approved Sources (Examples from “teaching-ai-example-sites-you-can-use.pdf” and press reporting)

These 120+ sites span academia, government, finance, medicine, and law. Key entries include:

Academic / University Websites

• Harvard University —

https://www.harvard.edu

• MIT —

https://web.mit.edu

• Princeton —

https://www.princeton.edu

• Yale —

https://yale.edu

• University of Chicago —

https://www.uchicago.edu

Finance / Business

• Bloomberg —

https://bloomberg.com

• Crunchbase —

https://www.crunchbase.com

• Pitchbook — https://pitchbook.com/news

• MorningStar —

https://www.morningstar.com

Medical / Health

• Mayo Clinic —

https://www.mayoclinic.org

• New England Journal of Medicine —

https://www.nejm.org

• Johns Hopkins Medicine —

https://www.hopkinsmedicine.org

• WHO —

https://www.who.int

Law / Government

• Legal Information Institute —

https://www.law.cornell.edu

• Justia —

https://www.justia.com

• Congress.gov —

https://www.congress.gov

• National Archives —

https://www.archives.gov

• GovInfo —

https://www.govinfo.gov

STEM & Software

• IEEE Xplore —

https://ieeexplore.ieee.org

• Papers With Code —

https://paperswithcode.com

• GitHub —

https://github.com

• arXiv (CS) — https://arxiv.org/cs

❌ Disallowed Sources (from “teaching-ai-not-approved.pdf”, press coverage, and leaks)

The "banned" list includes over 50 sites, with strong representation from journalism, academic publishing, and online platforms known for user-generated content.

News Outlets

• The New York Times —

https://nytimes.com

• The Wall Street Journal —

https://wsj.com

• Reuters —

https://reuters.com

• Financial Times —

https://www.ft.com

• The Economist —

https://economist.com

• BBC —

https://bbc.com

User Platforms / Miscellaneous

• Reddit —

https://reddit.com

• Wikipedia —

https://en.wikipedia.org

• Quora —

https://quora.com

• Yahoo —

https://yahoo.com

Academic / Research Publishers

• Wiley —

https://wiley.com

• PLOS —

https://plos.org

• Stanford University —

https://www.stanford.edu

• Harvard Business Review —

https://hbr.org

• BioRxiv —

https://biorxiv.org

Government / Medical Sources

• FDA —

https://www.fda.gov

• ClinicalTrials.gov —

https://clinicaltrials.gov

• Library of Congress —

https://www.loc.gov

• Department of Education —

https://ed.gov

Analysis: Why Certain Sites Were Disallowed

The rationale behind banning sites likely reflects a combination of:

1. Copyright and Licensing Risk: Many disallowed entities—like Wiley, NYT, and Reddit—have already taken legal or policy steps to restrict AI training on their content.

2. Reputational Risk: Reddit and Wikipedia, while massive repositories of user-generated content, are seen as unreliable or unmoderated for factual training.

3. Legal Compliance: Disallowing sites with robots.txt exclusions or formal take-down requests signals an effort to appear compliant with copyright and scraping norms—even if retroactively.

Anthropic told Business Insider it had no knowledge of the Surge AI list, but this distancing doesn’t eliminate its accountability under copyright law, as RLHF and pretraining may both fall under scrutiny in future litigation.

Legal Context and Risk

Legal scholars cited in the coverage argue that courts may not meaningfully distinguish between:

• Pretraining (ingesting vast quantities of data for model initialization), and

• Fine-tuning (especially RLHF, where gig workers use third-party content to craft and rank model responses).

Both may be seen as substantial use of protected content, with or without direct ingestion. Therefore, even “teaching” models using copyrighted PDFs or website content during RLHF may still trigger copyright liability.

This mirrors legal positions taken by:

• The New York Times (suing OpenAI and Microsoft),

• Reddit (suing Anthropic),

• Dow Jones (suing Perplexity), and

• Authors, developers, and visual artists (in dozens of copyright class actions worldwide).

Implications for Rights Holders and Plaintiffs

🧩 1. Evidence of Intentional Avoidance or Use

This leak shows that AI vendors (or their contractors) are actively distinguishing between approved and banned content. For plaintiffs, this weakens “innocent infringement” claims.

🧠 2. Proof of Access and Selective Use

Disallowed sites, including those involved in lawsuits, appear specifically listed—suggesting Surge AI (and by extension Anthropic) knew or anticipated rights-based restrictions. This strengthens claims that AI companies exercised control over what was used.

⚖️ 3. Support for Licensing Demands

Platforms like Wiley and PLOS can now assert that exclusion from RLHF processes reduces their visibility in AI outputs—a potential commercial harm or bargaining chip in licensing negotiations.

📚 4. New Discovery Material

Litigants may subpoena similar training spreadsheets or contractor instructions from other AI companies, especially where Surge AI or Scale AI were involved. These documents can serve as:

• Evidence of willful copying

• Internal inconsistencies (e.g., using Harvard.edu but banning Stanford.edu)

• Precedent for settlement discussions

🔍 5. Policy Advocacy and Regulatory Reform

Scholarly publishers and academic societies can use the leak to push for:

• AI transparency rules mandating disclosure of training and tuning sources

• Greater regulation of third-party contractors

• “Opt-in by default” licensing frameworks for academic and scientific content

Conclusion

This leak pulls back the curtain on one of the AI industry's most opaque layers: the human-directed “clean-up” phase of training, where models are fine-tuned using curated (and excluded) sources. It confirms that platforms like Claude are shaped not just by math and compute, but by deliberate editorial choices—sometimes outsourced, often hidden.

For rights holders, especially scholarly publishers and plaintiffs in ongoing lawsuits, the leak presents a rare opportunity:

• To demonstrate that vendors do make judgments about whose content to include or exclude,

• To advocate for transparent licensing regimes,

• And to reinforce the legal and ethical necessity of respecting intellectual property in all phases of model development.

Sources Referenced:

• Claude AI training leak reveals trusted and banned websites — Tom’s Guide

• Leaked Surge AI List Shows Which Sites Shaped Anthropic's AI — Business Insider