Anthropic Just Accidentally Showed Us the Future of AI Coding Tools

TL;DR: Anthropic accidentally published the entire source code for Claude Code, their AI coding assistant, to a public registry. It’s the second leak in five days, after a CMS error exposed details about a new model called Claude Mythos. The code itself is interesting, but what it reveals about where Claude is headed is the real story. If you’re making AI platform decisions for your firm, this changes what you should be watching for.

You know that feeling when someone accidentally shares their screen and their browser tabs tell a very different story than their presentation? That’s roughly what happened to Anthropic this morning.

On March 31st, a security researcher named Chaofan Shou noticed something sitting in plain sight on npm, the public registry where Claude Code gets distributed to developers. A source map file. If you’re not technical, think of it like this: when software gets packaged for release, it gets compressed into something unreadable. A source map is the decoder ring that translates it back into the original code. It’s a debugging tool. It was never supposed to ship publicly.

But it did. And it contained everything. All 512,000 lines of it. Every tool, every feature flag, every system prompt, every internal codename.

Within hours, the code was on GitHub. Over 1,100 stars, nearly 2,000 forks. The internet had it, and you can’t put that back in the bottle.

How a Missing Line of Config Exposed Everything

Here’s what makes this almost painful to read. The cause wasn’t some sophisticated hack. It wasn’t a disgruntled employee. It was a build configuration setting.

Claude Code is built using a tool called Bun, which generates source maps by default. Someone at Anthropic either forgot to turn that off for production builds or forgot to exclude the .map file from the published package. One missing line in a config file, and the whole codebase went public.

The kicker? Buried inside the leaked code is a system called “Undercover Mode,” built specifically to prevent Anthropic’s internal information from leaking into public repositories. It injects instructions into Claude’s system prompt telling it to never reveal internal codenames or mention it’s an AI in commit messages. They built an entire subsystem to stop leaks. And then the subsystem itself leaked, along with everything else, in a file anyone could download.

For a company whose entire brand is “we’re the careful ones,” this is not a great week.

Actually, It’s Worse Than That. This Is Leak Number Two.

Five days earlier, on March 26th, a separate misconfiguration in Anthropic’s content management system exposed nearly 3,000 internal files. Draft blog posts, internal documents, the works. Fortune broke the story.

The biggest revelation from that first leak: Anthropic is testing a new model called Claude Mythos, internally codenamed Capybara. This isn’t an incremental update. According to the leaked draft blog post, Capybara is a new tier of model that sits above Opus, making it the most powerful thing Anthropic has ever built. The company confirmed it, with a spokesperson calling it “a step change” and “the most capable we’ve built to date.”

Two different teams. Two different systems. Two configuration errors. Five days apart. At a company reportedly eyeing an October IPO at a $380 billion valuation.

I’m not here to pile on Anthropic. I think they build the best models in the market right now, and I’ve said that publicly. But if you’re advising clients on AI vendor selection, the operational maturity question just got a lot more concrete.

What the Leak Actually Tells Us About What’s Coming

Here’s where it gets genuinely interesting for anyone making AI strategy decisions. The leaked codebase didn’t just show how Claude Code works today. It showed what Anthropic has been quietly building for the near future. And some of it changes the conversation about what these tools can do.

KAIROS: Claude that doesn’t wait for you to ask. This is the big one. Right now, every AI coding tool is reactive. You type, it responds. KAIROS flips that. It’s a persistent background mode where Claude watches your working environment, writes daily observation logs, and can act on things it notices without being prompted. There’s a 15-second blocking budget built in so it won’t interrupt your flow with something slow, and it receives periodic “tick” prompts where it decides whether to act or stay quiet. Think of it less like an assistant waiting for instructions and more like a colleague who’s been paying attention to the project and flags things before you have to ask.

ULTRAPLAN: 30-minute deep planning sessions. Right now, if you want Claude to do serious strategic planning, you have to walk it through the process step by step. ULTRAPLAN offloads complex planning to a remote cloud container running Opus 4.6, gives it up to 30 minutes to think, and lets you approve the result from a browser-based interface. For firms doing complex project planning, litigation strategy, or deal structuring, the idea of handing Claude a planning problem and getting back a structured output after 30 minutes of autonomous thinking is a meaningful jump.

Multi-Agent Coordination. Claude can already spin up sub-agents for certain tasks. But the coordinator system in this codebase is far more developed than what’s currently available. One Claude orchestrating multiple worker agents running in parallel. If you’re thinking about how firms will eventually process large document sets, run due diligence across multiple workstreams, or manage parallel research threads, this is the architecture that makes it possible.

The Dream System. This one’s subtle but important. It’s a background memory consolidation engine where Claude literally “dreams” while you’re away. It merges observations, removes contradictions, and converts fuzzy insights into reliable facts. When you come back to a session, the context has already been cleaned up and organized. For anyone who’s been frustrated by context window limits or AI “forgetting” what it was doing mid-project, this is Anthropic’s answer.

And yes, there’s a Tamagotchi. Called “Buddy.” 18 species, shiny variants, procedurally generated personalities. It was apparently meant to launch as a surprise during April 1-7, with a full release in May. It’s delightful and has absolutely nothing to do with your AI strategy, but I figured you’d want to know.

What This Means If You’re Making Platform Decisions

Let me be direct about what I think matters here for firm leaders.

The underlying models didn’t leak. None of Claude’s training data, weights, or core intelligence was exposed. This was the CLI wrapper (the text-based interface developers use to interact with the tool), not the engine. Your data handled through Claude’s API (the behind-the-scenes connection your firm uses to securely send data to the model) remains secure, and the security of Claude as a tool for your firm hasn’t changed. Just to emphasize: no client data leaked.

What changed is visibility. We now have a much clearer picture of Anthropic’s product roadmap than we were supposed to, and it’s genuinely ambitious. KAIROS, ULTRAPLAN, and Coordinator Mode aren’t concepts on a slide deck. They’re built. They exist in the codebase behind feature flags. The gap between “announced product” and “shipped product” is a lot smaller than anyone outside Anthropic knew.

And then there’s Mythos. A model tier above Opus, with what Anthropic describes as dramatically higher scores in coding, reasoning, and cybersecurity. That’s not just another model update. If the benchmarks hold in practice, it changes the competitive picture meaningfully.

Here’s what I’d actually do with this information.

First, if you’ve been waiting to see whether Claude is a serious long-term platform before committing, this leak answers that question. The depth of engineering behind Claude Code, the multi-agent architecture, the proactive assistance features, this is not a company building a chatbot wrapper. This is infrastructure.

Second, watch the release timeline. Anthropic may accelerate the launch of features like KAIROS now that the designs are public. If your firm is evaluating AI coding tools or AI-assisted research platforms, the product you’re looking at today could look very different by Q3.

Third, the “two leaks in five days” pattern is a real data point for your vendor risk assessment. Not because the tool is less capable, but because operational security matters when you’re entrusting client data to a platform. Ask the hard questions in your next vendor review. Anthropic’s answers will tell you a lot about how seriously they’re taking the lesson.

Fourth, start thinking about what “always-on AI” means for your workflows. KAIROS isn’t here yet, but the direction is clear. The firms that start identifying which repetitive monitoring, flagging, and follow-up tasks could be handled by a persistent AI assistant will be ready when it arrives. The ones who wait to figure it out after launch will be months behind.

The Bigger Picture

Anthropic will recover from this. The models are still the strongest models in the market. The engineering in the leaked code is genuinely impressive. And the features they’ve been building suggest they’re thinking about AI tools in a fundamentally more ambitious way than most of their competitors.

But here’s what I keep coming back to. The most safety-conscious AI company on the planet just leaked their entire codebase because someone forgot to exclude a file. Twice in one week, a different team made a different basic operational error.

That’s not an indictment of Anthropic specifically. It’s a reminder of what happens when you’re building at this pace. Every AI company is moving faster than their processes can keep up with. And if that’s true for Anthropic, with their resources and their culture of caution, it’s definitely true for the firm down the hall that just spun up an AI initiative with two people and no governance plan.

The speed is the story. Make sure your firm can keep up with it, and make sure you’ve got guardrails that can keep up with the speed.

If you read this far, you’re not rubbernecking at a security incident. You’re running the math on what this changes for the decisions you’re already making about AI in your firm.

That’s the conversation I have every day with managing partners and COOs who are past the “should we use AI” question and deep into the “how do we do this without getting burned” question. If that’s where you are, tell me what you’re working through. steve@intelligencebyintent.com. I’ll give you a straight answer about what’s ready today and what isn’t, no pitch attached.