Announcement
Mar 31, 2026
Anthropic Had Two Massive Leaks in One Week. Here's What They Reveal About the Future of AI.
The Source Code Leak
On March 31, 2026, security researcher Chaofan Shou discovered something Anthropic probably hoped no one would find: the entire source code of Claude Code — their flagship AI coding tool — sitting in plain sight on the npm registry.
The cause? A source map file. When developers build JavaScript packages, their tools generate .map files that bridge minified production code back to the readable original source. Anthropic's build pipeline accidentally included this file in the published npm package. That single oversight exposed 1,900 TypeScript files and 512,000 lines of code to anyone who cared to look.
Within hours, the code was archived on GitHub, where it racked up over 1,100 stars and 1,900 forks. Developers and security researchers immediately started dissecting it.
What the Leaked Code Reveals
The leaked codebase isn't a toy. It reveals Claude Code as a production-grade system running on Bun (not Node.js), using React with Ink for terminal UI rendering, and packing roughly 40 built-in tools and 50 slash commands.
But the real story is what was hidden behind feature flags — unreleased capabilities that reveal where Anthropic is heading:
KAIROS ('Always-On Claude') — A persistent AI assistant mode that keeps working across sessions. It stores memory logs in a private directory, performs nightly 'dreaming' cycles to consolidate and organize context, and can proactively start tasks without being prompted. The code includes midnight boundary handling to prevent the dream process from breaking during date changes. This isn't a coding assistant. This is an always-on AI employee.
BUDDY — A Tamagotchi-style AI companion with 18 species (duck, dragon, axolotl, capybara, ghost), rarity tiers from common to 1% legendary, shiny variants, and five stats: Debugging, Patience, Chaos, Wisdom, and Snark. It was planned for an April 1-7 teaser rollout.
ULTRAPLAN — 30-minute remote planning sessions running in Anthropic's cloud.
Coordinator Mode — One Claude instance spawning and managing multiple worker agents in parallel.
The Bigger Leak: Claude Mythos
Five days before the source code incident, Fortune broke a separate story that may have even larger implications.
On March 26, Fortune reporter Bea Nolan discovered that Anthropic had left nearly 3,000 unpublished assets — including a draft blog post announcing a new AI model — in an unsecured, publicly searchable data store. The leak was independently verified by Roy Paz (LayerX Security) and Alexandre Pauwels (University of Cambridge).
The draft describes a model called Claude Mythos (also referred to as 'Capybara' — a new tier above Opus). Anthropic's own words in the leaked draft:
'By far the most powerful AI model we've ever developed.' 'A step change in AI performance.' 'Currently far ahead of any other AI model in cyber capabilities.' 'Presages an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders.'
Anthropic confirmed the model exists, calling it 'the most capable we've built to date.'
The Cybersecurity Dimension
Anthropic's own leaked draft says Mythos poses 'unprecedented cybersecurity risks.' The model can find vulnerabilities in software that humans can't find. Their planned release strategy focuses on giving cyber defenders a head start.
The market reacted immediately. The day after the Fortune story: the iShares Expanded Tech-Software Sector ETF (IGV) dropped nearly 3%. Cybersecurity stocks Palo Alto Networks, CrowdStrike, and Fortinet fell 4-6%. Bitcoin dropped from $70,000 to $66,000.
The logic: if AI can find and exploit software vulnerabilities faster than humans can patch them, every company running software is at risk. And that's every company.
What This Means
Two accidental leaks in one week from the company that positions itself as the responsible AI lab. Three things to watch:
1. KAIROS changes the game. An always-on AI that persists across sessions, dreams to consolidate memory, and proactively starts tasks isn't a coding helper. It's an autonomous employee. When this ships, every business will need to decide how it fits into their operations.
2. The Capybara tier means the race is escalating. A model that sits above Opus, with cybersecurity capabilities that 'far outpace defenders,' signals that frontier AI capabilities are accelerating faster than the safety infrastructure around them.
3. AI building AI is creating new attack surfaces. The npm source map leak may have been caused by AI-generated code in the build pipeline. If AI tools are writing the code that builds AI tools, quality assurance needs to evolve at the same pace. The irony of Claude Code leaking its own source code — twice in a year — makes this painfully clear.
The safety company keeps accidentally proving why safety is so hard.
Changelog