Anthropic's Claude Code Leak Exposes 512,000 Lines of Secret Features
On March 31, 2026, Anthropic accidentally published the full source code of Claude Code to npm — complete with a 60MB source map exposing 512,000 lines of TypeScript across 1,906 files. The package was pulled within hours, but not before GitHub mirrors hit 5,000 stars in 30 minutes and the X post garnered 3.1 million views.
This is Anthropic’s second accidental exposure in a week. The model spec leak happened just days ago. Some are starting to wonder if someone inside is doing this on purpose.
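A pre-publish check for the source-map exposure described above, as an added example (not Anthropic's, Bun's or npm's code): it inspects the files a package would ship and reports source maps whose `sourcesContent` embeds original source text. The function names and the sample files are constructed for illustration.

```javascript
// Added example; file names and contents in SAMPLE_FILES are constructed.
// Summarise what one source map (v3 JSON) would disclose if shipped.
function auditSourceMap(mapText) {
  const map = JSON.parse(mapText);
  // Index maps nest ordinary maps under sections[].map; handle both shapes.
  const maps = Array.isArray(map.sections) ? map.sections.map((s) => s.map) : [map];
  let sources = 0, embedded = 0, lines = 0;
  for (const m of maps) {
    const content = m.sourcesContent || [];
    (m.sources || []).forEach((_, i) => {
      sources += 1;
      if (typeof content[i] !== "string") return; // path only, no file text
      embedded += 1; // original file text is carried verbatim
      lines += content[i].split("\n").length;
    });
  }
  return { sources, embedded, lines };
}

// files: { path: text } for everything the package would ship.
function auditPackage(files) {
  const findings = [];
  for (const [path, text] of Object.entries(files)) {
    if (path.endsWith(".map")) {
      const s = auditSourceMap(text);
      findings.push({ path, kind: s.embedded ? "map-with-sources" : "map", ...s });
    } else if (/\.[cm]?js$/.test(path)) {
      // A bundle can also point at a map or carry one inline as a data: URI.
      const ref = /\/\/[#@]\s*sourceMappingURL=(\S+)/.exec(text);
      if (ref) findings.push({ path, kind: ref[1].startsWith("data:") ? "inline-map" : "map-reference" });
    }
  }
  return findings;
}

// Release gate: embedded source text, or an inline map (not decoded here), blocks the publish.
function shouldBlockPublish(findings) {
  return findings.some((f) => f.kind === "map-with-sources" || f.kind === "inline-map");
}
const SAMPLE_FILES = {
  "package.json": '{"name":"example-cli","version":"1.0.0"}',
  "cli.js": 'console.log("hi");\n//# sourceMappingURL=cli.js.map\n',
  "cli.js.map": JSON.stringify({
    version: 3, file: "cli.js", mappings: "",
    sources: ["../src/main.ts", "../src/flags.ts"],
    sourcesContent: ["export const a = 1;\nexport const b = 2;", null],
  }),
};
console.log(auditPackage(SAMPLE_FILES), shouldBlockPublish(auditPackage(SAMPLE_FILES)));
```

In a release pipeline the file list would come from `npm pack --dry-run`, which prints the tarball contents without publishing anything.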
The Smoking Gun: KAIROS
Buried in the code is KAIROS — an unreleased autonomous agent mode that represents the biggest product roadmap reveal from the leak.
Based on code paths in main.tsx, KAIROS includes:
- A /dream skill for “nightly memory distillation”
- Daily append-only logs
- GitHub webhook subscriptions
- Background daemon workers
- Cron-scheduled refresh every 5 minutes
This isn’t a concept. The scaffolding for an always-on, background-running agent is already there, gated behind feature flags. When released, KAIROS would shift AI from “tool you prompt” to “collaborator that acts on its own.”
The Five Hidden Features
1. Anti-Distillation: Fake Tools to Poison Copycats
In claude.ts, a flag called ANTI_DISTILLATION_CC injects decoy tool definitions into the system prompt. If someone is recording Claude Code’s API traffic to train a competing model, the fake tools pollute that training data.
There’s also server-side “connector-text summarization” that returns summaries instead of full reasoning chains. Anyone recording API traffic only gets summaries, not the complete thought process.
The workaround: A MITM proxy that strips the anti_distillation field would bypass it. The protection is probably legal, not technical.
2. Undercover Mode: AI That Hides Its AI
A 90-line file called undercover.ts implements a mode that strips all traces of Anthropic internals when Claude Code is used in non-internal repos. It instructs the model to never mention internal codenames like “Capybara” or “Tengu,” internal Slack channels, repo names, or the phrase “Claude Code” itself.
The kicker from line 15:
“There is NO force-OFF. This guards against model codename leaks.”
You can force it ON with CLAUDE_CODE_UNDERCOVER=1, but there’s no way to force it off. In external builds, the entire function gets dead-code-eliminated. This is a one-way door.
Translation: AI-authored commits from Anthropic employees in open source projects will have no indication that an AI wrote them.
3. Frustration Detection via Regex
The file userPromptKeywords.ts contains a regex pattern that detects user frustration:
/\b(wtf|wth|ffs|omfg|shit(ty|tiest)?|dumbass|horrible|awful|piss(ed|ing)? off|piece of (shit|crap|junk)|what the (fuck|hell)|fucking? (broken|useless|terrible|awful|horrible)|fuck you|screw (this|you)|so frustrating|this sucks|damn it)\b/
An LLM company using regexes for sentiment analysis is peak irony. But also: a regex is faster and cheaper than an LLM inference call just to check if someone is swearing at your tool.
4. Native Client Attestation: DRM for API Calls
API requests include a cch=00000 placeholder. Before the request leaves the process, Bun’s native HTTP stack (written in Zig) overwrites those five zeros with a computed hash. The server validates the hash to confirm the request came from a real Claude Code binary.
This is the technical enforcement behind the OpenCode legal fight. Anthropic doesn’t just ask third-party tools not to use their APIs — the binary itself cryptographically proves it’s authentic.
The attestation isn’t airtight. The header can be disabled with CLAUDE_CODE_ATTRIBUTION_HEADER=0, and the whole mechanism only works inside the official Bun binary.
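The placeholder-overwrite pattern described above, shown from both the client and the server side as an added example (not Anthropic's or Bun's code). The page states only that `cch=00000` is overwritten with a computed hash; the HMAC-SHA256 construction, the demo key, the five-hex-character tag, and the names `stamp` and `verify` are assumptions made for illustration.

```javascript
// Added example: fixed-width placeholder attestation, client and server side.
// Assumptions: HMAC-SHA256, a shared demo key, and a tag of five hex characters.
const { createHmac, timingSafeEqual } = require("node:crypto");

const PLACEHOLDER = "cch=00000";
const DEMO_KEY = "constructed-demo-key"; // stands in for a secret held by the native layer

// The tag is computed over the payload with the placeholder still in place,
// so both sides hash identical bytes whatever the final tag value is.
function computeTag(payload, key) {
  return createHmac("sha256", key).update(payload).digest("hex").slice(0, 5);
}

// Client side: overwrite the zeros in place. The tag is as wide as the
// placeholder, so the payload length (and any Content-Length) is unchanged.
function stamp(payload, key) {
  if (!payload.includes(PLACEHOLDER)) throw new Error("placeholder missing");
  return payload.replace(PLACEHOLDER, "cch=" + computeTag(payload, key));
}

// Server side: extract the tag, restore the placeholder, recompute, compare.
function verify(payload, key) {
  const m = /cch=([0-9a-f]{5})/.exec(payload);
  if (!m) return false;
  const restored = payload.replace(m[0], PLACEHOLDER);
  const expected = Buffer.from(computeTag(restored, key));
  return timingSafeEqual(Buffer.from(m[1]), expected);
}

// Constructed sample request.
const request = JSON.stringify({ model: "example-model", meta: "cch=00000", prompt: "hello" });
const stamped = stamp(request, DEMO_KEY);
console.log(stamped, verify(stamped, DEMO_KEY), verify(request, DEMO_KEY));
```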
5. Coordinator Mode: Multi-Agent Orchestration
The multi-agent coordinator in coordinatorMode.ts manages worker agents through system prompt instructions:
“Do not rubber-stamp weak work.”
“You must understand findings before directing follow-up work. Never hand off understanding to another worker.”
The orchestration algorithm is a prompt, not code — one Claude spawning multiple worker agents in parallel.
The April Fools’ Tamagotchi
Tomorrow is April 1st, and the source contains what’s almost certainly this year’s April Fools’ joke: buddy/companion.ts implements a Tamagotchi-style companion system.
Every user gets a deterministic creature based on their user ID via Mulberry32 PRNG:
- 18 species
- Rarity tiers from common to legendary
- 1% shiny chance
- RPG stats like DEBUGGING and SNARK
Species names are encoded with String.fromCharCode() to dodge build-system grep checks.
The Real Damage
Some are downplaying this because Google’s Gemini CLI and OpenAI’s Codex are already open source. But those companies open-sourced their agent SDK — a toolkit. Anthropic leaked the full internal wiring of their flagship product.
The real damage isn’t the code. It’s the feature flags.
KAIROS, the anti-distillation mechanisms, the undercover mode — these are product roadmap details that competitors can now see and react to. The code can be refactored. The strategic surprise can’t be un-leaked.
The Irony Files
| Detail | Why It’s Ironic |
|---|---|
| Anthropic = “AI safety company” | Built undercover mode to hide AI authorship |
| Anti-distillation fake tools | Designed to poison competitors’ training data |
| 250,000 wasted API calls/day | Fixed with 3 lines of code |
| Built on Bun | A Bun bug (oven-sh/bun#28001) caused the leak |
| Code probably written by AI | “Accidentally shipping your source map to npm” |
What Happens Now
The leak reveals Anthropic’s roadmap:
- KAIROS autonomous agents — likely to ship within weeks now that it’s public
- Undercover mode — raises questions about AI transparency in open source
- Anti-distillation — shows Anthropic is actively defending against model theft
The timing is uncomfortable. Ten days ago, Anthropic sent legal threats to OpenCode, forcing them to remove built-in Claude authentication. Now their own source code is public.
The Honest Take
This leak is the real deal. It’s not an April Fools’ joke — the GitHub stars and Hacker News analysis confirm the code is genuine.
The feature that matters most is KAIROS. An always-on background agent that acts without you asking is the shift from “AI as tool” to “AI as collaborator.” That’s the difference between a calculator and a colleague.
Anthropic now faces a choice: ship KAIROS quickly and own the narrative, or explain why a “safety company” was hiding autonomous agent capabilities behind feature flags.
Sources:
- Alex Kim’s analysis: https://alex000kim.com/posts/2026-03-31-claude-code-source-leak/
- Hacker News discussion: https://news.ycombinator.com/item?id=47586778
- Julian Goldie X post: 3.1M views in hours