So

Anthropic’s entire Claude Code codebase leaked. It wasn’t a breach. Here is everything you need to know. It was a build config mistake. A 57MB file shipped inside public npm releases contained 1,906 TypeScript source files. Architecture, system prompts, tool-calling logic, all of it. Anyone who downloaded the package had the keys without knowing it. No hacking. No sophisticated attack. Just someone forgetting to exclude a file before publishing. This is the kind of risk that doesn’t show up in a security audit. It’s not a vulnerability in your product, it’s a gap in your release process. And it can happen at any company, any size. By the time they filed DMCA takedowns, early npm versions were already archived. The window between “shipped” and “contained” was enough. For founders shipping software: your threat model isn’t just hackers. It’s your own pipeline. Anthropic is a world-class team. This still happened to them. On the bright side, the things they have in the pipeline are very damn exciting. The leak revealed 44 unshipped features sitting behind flags, including: - KAIROS — an always-on background agent that runs while you’re idle, consolidates memory, and is ready with full context when you return - autoDream — a literally-named subprocess where Claude “dreams,” merging observations and cleaning its own memory on a tick-based loop - BUDDY — a full Tamagotchi-style terminal companion with 18 species, rarity tiers, RPG stats, and ASCII art. Real feature, not a joke - ULTRAPLAN — offloads complex planning to a 30-minute cloud compute session running Opus, then teleports the result back to your terminal - Coordinator Mode — turns Claude into a multi-agent orchestrator running parallel worker agents through research, synthesis, implementation, and verification phases Not vaporware. Compiled code sitting behind feature flags, waiting to ship.