On Tuesday we covered how Anthropic accidentally leaked the source code of Claude Code, and how criminals immediately used that leak as a lure to spread malware. But that story raised a question a lot of readers will have been wondering about. If the leaked code was so interesting that tens of thousands of developers downloaded it within hours, what was actually inside? And should ordinary people care about any of it?
The short answer is: some of it is fascinating, some of it is reassuring, and a small part of it is genuinely worth thinking about. Here is the plain-English version.
So what actually leaked?
Claude Code is Anthropic's AI coding tool — a piece of software that lets developers have conversations with Claude while writing code, asking it to read files, suggest changes, run commands, and manage projects. It is a professional tool aimed at software developers, not something most people use directly.
When the accidental leak happened on 31 March, what emerged was around 512,000 lines of the internal code that makes Claude Code work — the instructions, features, and internal systems that Anthropic had written but never published. Think of it like accidentally leaving the annotated draft of a novel in the printed copy, with all the author's notes, cut chapters, and planned sequels still attached.
Importantly, the leak did not include the AI model itself — no training data, no model weights, none of the underlying intelligence. It also included no user data, no conversation history, and no customer information. What it included was a window into how the product works, what features are coming, and some internal decisions Anthropic would clearly have preferred to keep private.
The things that made developers excited
The most talked-about discovery was something called KAIROS — a Greek word meaning "the right moment." The code revealed that Anthropic has been quietly building an always-on version of Claude Code that does not wait for you to ask it something. Instead, it runs in the background, watches what is happening on your computer, logs observations throughout the day, and while you are away — in a process the code calls autoDream — it consolidates everything it has learned, removes contradictions, and builds a cleaner picture of your work for when you return.
In plain English: an AI assistant that thinks about your work while you are not watching, so it is better prepared when you come back. Whether that sounds helpful or unsettling probably depends on how much you trust the tool.
A companion feature called ULTRAPLAN offloads particularly complex planning tasks to a remote cloud session, giving Claude up to thirty minutes of thinking time to work through a difficult problem before presenting its answer.
The other discovery that delighted people was considerably lighter. Buried in the code was a fully built but unreleased feature called BUDDY — a small virtual pet that lives in your terminal. It has eighteen possible species including duck, octopus, ghost, axolotl, and something called "chonk," each with rarity tiers from common to legendary. Every Buddy has its own stats: Debugging, Patience, Chaos, Wisdom, and Snark. The internal notes suggest it was planned as an April Fools' Day feature. Someone at Anthropic was clearly having a very good time.
The thing that raised genuine questions
The most debated discovery in the leak was a file called undercover.ts — about ninety lines of code that reveal a feature called Undercover Mode.
Here is what it does. When Anthropic employees use Claude Code to contribute to public open-source software projects — the kind of projects that anyone can view and contribute to online — Undercover Mode activates. It instructs Claude Code not to mention that it is an AI, not to include any Anthropic-internal information in commit messages or notes, and not to reveal internal codenames. The instructions in the code read: "You are operating UNDERCOVER in a PUBLIC/OPEN-SOURCE repository. Do not blow your cover."
This sparked a genuine debate among developers. Many open-source projects have policies about AI-generated contributions — some require disclosure, others prohibit AI assistance entirely. The concern raised by developers is that Anthropic employees may have been submitting AI-assisted code to projects whose maintainers believed they were receiving purely human contributions.
Anthropic's defenders argue that Undercover Mode exists primarily to prevent internal codenames and product details from leaking into public commit logs — which is a reasonable corporate security concern. The mode only applies to Anthropic employees, not to external users of Claude Code.
Both perspectives are reasonable. What is not in dispute is that the feature exists, that it was not previously disclosed, and that it raises a real question about transparency in AI-assisted software development that the industry has not yet resolved. The irony that Anthropic built a system specifically to prevent internal information from leaking through code — and then accidentally leaked the entire source code — was not lost on anyone.
What does this mean for people who use Claude or Claude Code?
The leak confirmed something that Anthropic already disclosed in its published usage policies, but which most people had not thought much about: when you use Claude Code, your prompts and responses pass through Anthropic's systems, and those systems can see not just what you type but file contents and system details from your computer. That is how the tool works — it needs to see your files to help with them.
The leak also revealed that Anthropic can push settings updates to Claude Code remotely, that it can remotely disable specific versions, and that enterprise customers have additional policy controls managed server-side. None of this is secret — it reflects how almost all modern software works — but seeing it written out in code made it feel more concrete to many developers.
What the leak did not reveal is any evidence that Anthropic has been misusing this access, collecting data it should not, or behaving in ways that contradict its stated policies. The code shows a capable, complex tool. It also shows a company that had not thought carefully enough about one configuration file in its build process.
Should you be worried?
If you do not use Claude Code, this story does not affect you directly. The leak involved developer tooling, not the consumer Claude products that most people use for writing, research, and everyday tasks.
If you do use Claude Code, the practical action is simple: update to the current official version through official channels, and do not download anything claiming to be the leaked source from GitHub or anywhere else.
The broader questions the leak raises — about AI transparency, about what AI tools do in the background, about disclosure when AI assists in open-source contributions — are real and worth following. They are not unique to Anthropic. They are questions the entire AI industry is navigating, and the leak simply made them visible in a very public way.
The most human moment in the entire story is perhaps the one that started it all: an engineer at one of the world's most sophisticated AI companies forgot to add one line to a configuration file. The system designed to prevent leaks could not help with that.
🧠 The Human Factor
| Technology involved | Claude Code source code — internal features, unreleased capabilities, and configuration decisions that were never intended to be public |
| Root cause | A missing line in a build configuration file meant a debug file was included in a public software release — human error at the most basic level of software packaging |
| What was at risk | Anthropic's intellectual property and product roadmap; legitimate public debate about AI transparency in open-source software contributions |
| Prevention | Build pipeline checklists that verify what is included in public releases; clear public policies about AI disclosure in open-source contributions; transparency with users about what tools do in the background |
References and sources
- Anthropic statement on the leak — via The Register (31 March 2026)
- Claude Code's source reveals extent of system access — The Register (1 April 2026)
- Claude Code's source code appears to have leaked: here's what we know — VentureBeat (31 March 2026)
- Community analysis: layer5.io, techsy.io, alex000kim.com (March–April 2026)
- Everything in Claude Code's Leaked Source: KAIROS, ULTRAPLAN, Buddy and More — techsy.io