Claude Code leak exposes many of Anthropic’s secrets

An Anthropic employee has (seemingly) inadvertently shared Claude Code’s source code publicly. Although the leaked file has since been locked away, many users have obtained a copy and made it available online. The 512,000 lines of TypeScript code, spread across some 1,900 files, reveal all sorts of previously unknown details about both Claude Code in its current form and future plans.

Anthropic shares relatively little about its own AI models and tools, even though the well-known Model Context Protocol is their creation. On Tuesday, security researcher Chaofan Shou discovered that a snapshot of the source code behind Claude Code was freely available via the npm registry. This was a JavaScript source map file from their official package for Claude Code. Since then, the TypeScript codebase has been forked tens of thousands of times on GitHub. It will take weeks before all elements of the leak have been fully investigated, given the size of the codebase. Nevertheless, much is already known about some powerful features that Anthropic has built or plans to release.
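The exposure route described above, a source map shipped inside a published npm package, can be caught before publishing. The following is an added example, not code from this article or from Anthropic; it relies on the standard `sourcesContent` field of source maps, and `auditPackageFiles`, `embeddedSources` and the sample files are hypothetical names and constructed data.

```javascript
// Added example: flag source maps that would publish original sources.
// `files` is a hypothetical list of { path, content } for the package contents.
const INLINE_MAP = /\/\/[#@]\s*sourceMappingURL=data:application\/json[^,]*;base64,([A-Za-z0-9+/=]+)\s*$/m;

function embeddedSources(mapText) {
  let map;
  try { map = JSON.parse(mapText); } catch { return null; }
  if (!map || typeof map !== 'object') return null;
  // Index maps nest ordinary maps under sections[].map.
  const maps = Array.isArray(map.sections) ? map.sections.map(s => s.map).filter(Boolean) : [map];
  const found = [];
  for (const m of maps) {
    const contents = Array.isArray(m.sourcesContent) ? m.sourcesContent : [];
    contents.forEach((text, i) => {
      if (typeof text !== 'string' || text.length === 0) return; // null = not embedded
      found.push({ source: (m.sources || [])[i] || `<unnamed ${i}>`, bytes: Buffer.byteLength(text) });
    });
  }
  return found;
}

function auditPackageFiles(files) {
  const findings = [];
  for (const { path, content } of files) {
    if (path.endsWith('.map')) {
      const found = embeddedSources(content);
      const kind = found === null ? 'unparseable-map' : found.length ? 'external-map' : 'map-without-sources';
      findings.push({ path, kind, sources: found || [] });
    } else if (/\.[cm]?js$/.test(path)) {
      const m = INLINE_MAP.exec(content);
      const found = m ? embeddedSources(Buffer.from(m[1], 'base64').toString('utf8')) : null;
      if (found && found.length) findings.push({ path, kind: 'inline-map', sources: found });
    }
  }
  return findings;
}

// Constructed sample input (not taken from any real package).
const sampleMap = JSON.stringify({
  version: 3, file: 'cli.js', mappings: 'AAAA',
  sources: ['../src/main.ts', '../src/util.ts'],
  sourcesContent: ['export const secret = 1;\n', null],
});
const sampleFiles = [
  { path: 'dist/cli.js', content: 'run();\n//# sourceMappingURL=cli.js.map\n' },
  { path: 'dist/cli.js.map', content: sampleMap },
  { path: 'dist/inline.js', content: 'run();\n//# sourceMappingURL=data:application/json;base64,' + Buffer.from(sampleMap).toString('base64') + '\n' },
];
console.log(JSON.stringify(auditPackageFiles(sampleFiles), null, 2));
```

In a release pipeline the file list would come from the contents of the tarball that `npm pack` produces, and any `external-map` or `inline-map` finding would fail the build.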

Complex resources

KAIROS, an autonomous mode for Claude Code, does not yet exist. The leak suggests that this feature would run as an always-on daemon to optimize code. Internal inconsistencies in codebases and unnecessary memory consumption could eventually become a thing of the past thanks to KAIROS. Anthropic has not yet shared this feature. Combined with the reportedly powerful Mythos model for Claude, new use cases could well become a reality.

Anthropic has often hit the brakes for security reasons. At least, that’s how it likes to present itself. The company, through CEO Dario Amodei, has also repeatedly spoken out against foreign attempts at distillation—that is, extracting knowledge and outputs from American models to build LLMs of, for example, Chinese origin. An “ANTI_DISTILLATION_CC” flag in the Claude Code leak indicates the scraping of API traffic to counter these distillation attempts. This is done in a rather devious manner. Instead of blocking the traffic, Anthropic uses this flag to call upon non-existent tools to poison the training data of other AI labs. As a result, third parties end up worse off for attempting to train on Claude Code.

Current Performance

Claude Code’s current capabilities exceed the benchmarks. In other words: developers are generally more positive about the Anthropic solution than the raw metrics from coding tests for AI models suggest when compared to other tested LLMs. One possible cause for this can be found in the Claude Code leak.

A self-healing capability within Claude Code is effectively a step toward addressing the problem of “context entropy.” This is a risk for LLMs where prolonged AI sessions degrade in accuracy and quality because the computations rely on too much information from a conversation or API interaction. To refresh Claude Code’s memory, the agent uses MEMORY.md, an index of pointers to summarize lines of code. These pointers are only refreshed after code has been successfully added to files. The agent also often opts to grep for relevant information rather than having the tooling read every token from a transcript.

Future Outlook

Some other discoveries are not entirely surprising. Consider references to Opus 4.7 and Sonnet 4.8, future Claude releases that do not yet appear to be ready for release. Also, internal codenames like Capybara, Tengu, Fennec, and Numbat are not particularly revealing beyond certain benchmarks.

All in all, Anthropic will be bummed about the leak (if it was truly unintentional, and it certainly seems that way). Still, it’s not as if their own model was completely leaked to the outside world. The weights of Meta’s first LLaMA model were shared in 2023 by a user who had legitimately gained access to the LLM. Since then, the Llama series of AI models has been open-source (or open-weight, since the training data is not open-source or shared in detail). So, in a sense, that leak seemed to take a positive turn for Meta; or perhaps it was simply done intentionally in a roundabout way. In any case, Anthropic is nowhere near as generous and, strategically speaking, has revealed a bit more of its hand in the short term than the competition. For now, it serves as an unintended lesson from Anthropic for builders of AI-driven CLI tools on what does and does not work for such a solution.