TubeSum ← Transcribe a video

Anthropic Leaked Claude Code's Source Code: What We Found

Transcribed Jul 14, 2026
Intermediate 4 min read For: Tech enthusiasts, developers, and AI industry observers interested in software leaks and AI tool internals.

AI Summary

Anthropic accidentally leaked Claude Code's entire source code via an npm package, revealing anti-distillation measures, undercover mode, and unreleased features. The leak, which spread rapidly, exposes the inner workings of the AI coding assistant and raises questions about security and open-source dynamics.

[00:00]
The Leak

Anthropic accidentally shipped Claude Code's source map (57 MB, 500k+ lines of TypeScript) in an npm release at 4:00 a.m., making it fully readable.

[00:30]
Rapid Spread

The code was mirrored and cloned quickly; DMCA takedowns were ineffective. The open-source community created 'Claw Code' (rewritten in Python via OpenAI Codex) and 'OpenClaw' (works with any model).

[01:30]
Root Cause

The leak may stem from Bun.js (recently acquired by Anthropic) serving source maps in production, as a GitHub issue noted three weeks prior.

[02:15]
Code Structure

Claude Code uses Axios (compromised by North Korean hackers), and is essentially a dynamic prompt sandwich with 11 steps from input to output, not advanced AI.

[03:00]
Anti-Distillation Poison Pills

The code includes fake tool references to mislead competitors training models on Claude's outputs. Only about 25 real tools exist.

[03:30]
Undercover Mode

Instructions to avoid mentioning Claude in commit messages or outputs, making AI code appear human-written. Speculated to covertly use Claude in open-source projects.

[04:00]
Frustration Detector

Uses regex to detect user frustration keywords (e.g., 'balls') and logs events. Shows reliance on basic programming concepts.

[04:30]
Hidden Features

Feature flags reveal 'Buddy' (Tamagotchi-style companion), 'Opus 4.7', 'Capiara' (mythos model), 'Ultra Plan', 'Coordinator Mode', 'Demon Mode', and 'Chyus' (background agent with dream mode).

The leak is a major setback for Anthropic ahead of its IPO, exposing its code, roadmap, and security flaws. It underscores the risk that any application can become open-source with a single npm publish.

Clickbait Check

85% Legit

"Title accurately promises leaked code secrets; video delivers on discoveries like poison pills and undercover mode."

Mentioned in this Video

Study Flashcards (9)

What was accidentally leaked by Anthropic?

easy Click to reveal answer

Claude Code's entire source code via a source map file in an npm release.

How large was the leaked source map file?

easy Click to reveal answer

57 megabytes containing over 500,000 lines of TypeScript code.

What is the name of the project that rewrote Claude Code in Python?

easy Click to reveal answer

Claw Code.

01:00

What is the suspected root cause of the leak?

medium Click to reveal answer

Bun.js serving source maps in production, as noted in a GitHub issue three weeks prior.

01:30

How many steps does Claude Code have from input to output?

medium Click to reveal answer

11 steps.

02:30

What is the purpose of anti-distillation poison pills in Claude Code?

medium Click to reveal answer

To mislead competitors training models on Claude's outputs by referencing fake tools.

03:00

What does undercover mode do?

medium Click to reveal answer

Instructs Claude to never mention itself in commit messages or outputs to appear human-written.

03:30

How does the frustration detector work?

medium Click to reveal answer

Uses regular expressions to match keywords like 'balls' to detect user frustration and logs an event.

04:00

What is the hidden feature 'Chyus'?

hard Click to reveal answer

A background agent that keeps a daily journal, uses dream mode to consolidate memories, and works on a schedule.

04:30

💡 Key Takeaways

📊

Accidental Leak

Reveals how a single npm publish can expose a company's entire codebase.

🔧

Anti-Distillation Poison Pills

Shows Anthropic's active measures to protect its model from being copied.

03:00
💡

Undercover Mode

Highlights potential deceptive use of AI in open-source projects.

03:30
📊

Hidden Features

Reveals Anthropic's roadmap and unreleased capabilities like 'Chyus'.

04:30

✂️ Creator Tools: Viral Hooks

AI-generated clip ideas for Shorts based on the transcript

No viral clips found for this video, or they are still being generated.

Yesterday, the most ironic thing ever happened. Anthropic, a $380 billion startup built on the idea of safety first that advocates for closed source software for the supposed benefit of humanity, a company Elon calls Missanthropic, whose logo is definitely not a sphincter, whose CEO has been warning us for years that human programmers will be replaced by AI in 6 months. It just accidentally leaked Claude Code's entire source code to the internet at 4:00 a.m. officially making Anthropic

more open than Open AI. Within minutes of the leak, Chiao Fan Sha, a security researcher, discovered that version 2.1.88 of the Claude Code MPM package was shipped with a 57 megabyte source map file. You know, that file that's only used in development with the full readable source code of your project. This holy grail of leaks containing over 500,000 lines of Typescript code, it quickly spread across the internet like wildfire. Anthropic's legal team courageously issued DMCA takedowns.

But by the time they woke up in San Francisco, it was already too late. The code was mirrored countless times and cloned by slop tubers like Fireship, which the Supreme Court says I can do legally, by the way, as a worldrenowned journalist. >> I know a lot about the law and various other lawyerings. In today's video, we'll look at all of the incredible discoveries in the code that Anthropic doesn't want you to know about, like its

anti-distillation poison pills, its mysterious unreleased features, its undercover mode, its regular expressionbased frustration detector, and many other super secret techniques at the foreskin of AI research. No, this is not an April Fool's Day joke. It is April 1st, 2026, and you're watching the code report. Unfortunately, my lawyer just informed me that showing you Anthropic TypeScript code would be a violation of my parole, and I refused to go back to jail. But luckily, the open source community

has already created a loophole. Ironically, Claude's most prolific user, he used OpenAI Codeex to rewrite Claude Code's TypeScript code to Python code, resulting in a new barely legal project called Claw Code, and it's already become the fastest repo in history to surpass 50,000 GitHub stars. Not only that, but somebody else lopforked the leaked code and made it work with any model that they're calling this new project openclaw and it makes projects like open code completely obsolete.

But maybe now that the code's out in the open, Anthropic will just make it open source. Somebody tried to make a pull request with the leaked code. But not surprisingly, it looks like Anthropic already deleted it. What a mother effing crazy 24 hours. But how did this code end up leaked in the first place? Well, as I mentioned, the source map was accidentally packaged in an npm release. But that's weird because build tools normally strip out

source maps automatically. Well, Claude Code is built on Bun.js, which as you might recall was recently acquired by Anthropic. And it just so happens that about 3 weeks ago, somebody opened up an issue on GitHub about bun.js serving source maps in production. Wouldn't it be ironic if the fastest JavaScript runtime in the world also turned out to be the fastest way to ship your entire codebase to the internet? It's unclear if that was the root cause.

And it's also possible that some unfortunate developer did this by accident. Or perhaps some rogue developer did it on purpose. We may never know the truth, but now it's time for the fun part. What did we actually learn from the leak? Well, first we learned that Claude uses Axios. If you subscribe to my channel, then you know that Axios was compromised by North Korean hackers yesterday. The exploit can install a remote access Trojan on anyone using

this package. And in theory, if that happened on anthropic servers, it could be a massive disaster. But the next thing we learned is that claude code is basically just a dynamic prompt sandwich glued together with TypeScript and not some magical piece of futuristic technology. In a basic AI chatbot, you typically have a hidden system prompt that gets combined with your prompt. Then the base model uses statistics to regurgitate a bunch of data it stole from the

internet. But in Claude Code, things are far more complex with a total of 11 steps from input to output. that somebody already vibecoded a website that breaks down every step. But the most interesting part about this codebase is that it contains tons of hard-coded instructions and guardrails that basically beg Claude to please don't do anything weird. Like there's just file after file of these massive hard-coded strings telling Claude to be a good boy. And that's kind

of surprising because if this code were ever leaked, it would instantly turn from a black box into a blueprint for Claude's competition. And ironically, that's exactly what happened. What makes that even more funny though is that Claude was actively trying to stop their competition from copying Claude code by implementing anti-distillation poison pills. It does that by pretending that certain tools exist when in reality they don't exist at all. >> You're a big fat foy. >> That

means if you're some Chinese guy trying to train a new model on Claude's outputs, it's going to talk about tools that don't exist which will point your model in the wrong direction and just make it suck. In reality, Claude code only uses about 25 different tools or so. And now the claw distillers know exactly what to look for and they're likely going to have a field day with the bash tool. This file contains over a thousand

lines of code that helps the large language model reliably parse and execute bash commands which might be the single most important feature in an AI coding assistant. The next thing we need to talk about though is undercover mode which is a set of instructions that tell Claude to never mention itself in commit messages or outputs where the main idea is to make the outputs look as human as possible. The stated purpose of this feature is to

prevent things like model code name leaks. But many have speculated that the true purpose is more deceptive. Like they're trying to covertly use claude in open source projects so AI code doesn't get scrutinized when it breaks things catastrophically. A very misanthropic idea indeed. But the irony continues. Another funny thing found in the code is its regax frustration detector. Your state-of-the-art AI model uses simple regular expression matching against your prompt to look for keywords like balls, and

so on to determine if you're not having a good experience coding with Claude. If it detects a match, it'll simply log an event. The bottom line here is that we're not looking at some sort of alien super intelligence, but rather basic programming concepts that have been around for 50 years combined with a bunch of prompt spaghetti. It's all just an illusion. On top of that, this codebase has a ton of comments. A lot more comments than

you would typically find in a human-ritten codebase. And what that tells us is that these comments aren't actually written for humans, but rather for the AI to write its own AI coding tool in an infinite loop. But perhaps the biggest problem about this leak for anthropic is not the code itself, but rather the feature names and road map hidden within the code. Like there's a hidden capability under a feature flag called Buddy, which appears to be

a new Tamagotchi style companion that every developer can customize and raise like a little digital pet. This might just be Anthropic's April Fool's Day joke, but there are also references to Opus 4.7 and a new model called Capiara, which might be their new recently teased mythos model. There's also things like ultra plan, coordinator mode, and demon mode. But perhaps the most interesting is Chyus, which is a Greek word for an exact moment in time or God's

time. I hate to beat off a dead horse here, but it's a bit ironic that Anthropic didn't get to reveal Chyris at the exact time it wanted to, and instead God chose the right time. The feature itself seems to be some kind of background agent that keeps a daily journal. It uses dream mode to consolidate memories and does work for you in the background on a specific schedule, but pretty cool. But at the end of the

day, this leak is a pretty huge setback for Anthropic, which hopes to IPO later this year and offload their bags to the retail public. And it's yet another reminder that your top secret application is just one npm publish away from becoming open source.

⚡ Saved you time reading this? Transcribe any YouTube video for free — no signup needed.