What your describing would be plausible if this was about exploiting claude to get access to organisations that use it.

The gist of the anthropic thing is that "claude made, deployed and coordinated" a standard malware attack. Which is a _very_ different task.

Side note, most code assistants are trained on broadly similar coding datasets (ie github scrapes.)