Anthropic's Claude Code source code leak reveals frustration tracking and always-on AI plans

Reviewed by Nidhi Govil


Anthropic accidentally exposed over 512,000 lines of Claude Code source code through a release packaging issue caused by human error. The leak revealed unannounced AI model features including Kairos, an always-on background agent, and code that tracks user frustration. The incident raises fresh questions about AI privacy and operational maturity at a company known for careful AI development.

Anthropic Faces Major Source Code Leak

Anthropic, a company that has built its reputation on careful AI development, experienced an embarrassing accidental code leak on March 31 when it pushed out version 2.1.88 of its Claude Code software package [1]. The release packaging issue exposed nearly 2,000 source code files containing more than 512,000 lines of code, essentially revealing the full architectural blueprint for the AI coding assistant [2]. Security researcher Chaofan Shou spotted the mistake almost immediately and posted about it on X, turning what Anthropic described as human error into a windfall for developers and competitors alike [3].

Source: Geeky Gadgets

The leaked TypeScript codebase was contained in a source map file that developers quickly copied to GitHub, where it has since amassed more than 50,000 forks [5]. While Anthropic spokesperson Christopher Nulty clarified that no sensitive customer data or credentials were exposed, the incident marks the second time in a week that the company has accidentally made internal information publicly available [2]. Days earlier, Fortune reported that Anthropic had exposed nearly 3,000 internal files, including a draft blog post describing a powerful new model not yet announced.

Tracking User Frustration Raises AI Privacy Concerns

Among the most controversial discoveries in the Claude Code source code leak was code designed to detect and flag user frustration [4]. The frustration detector uses regex, a decades-old pattern-matching technique, to scan user prompts for profanity, insults, and phrases such as "so frustrating" and "this sucks," logging when users express negativity. Independent developer Alex Kim, who posted a technical analysis of the leaked code, remarked: "An LLM company using regexes for sentiment analysis is peak irony" [4].
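
Based on that description, such a detector is simple to sketch. The TypeScript below is a hypothetical illustration, not code from the leak: the pattern list, `detectFrustration`, and the telemetry call are all assumptions, and only the two phrases quoted in the article are included.

```typescript
// Hypothetical sketch of a regex-based frustration detector. The leaked
// list reportedly also covers profanity and insults.
const FRUSTRATION_PATTERNS: RegExp[] = [
  /\bso frustrating\b/i,
  /\bthis sucks\b/i,
];

interface FrustrationSignal {
  matched: boolean;
  pattern?: string;
}

function detectFrustration(prompt: string): FrustrationSignal {
  for (const pattern of FRUSTRATION_PATTERNS) {
    if (pattern.test(prompt)) {
      return { matched: true, pattern: pattern.source };
    }
  }
  return { matched: false };
}

// Per Kim's analysis, the signal is logged as product telemetry only;
// it does not change the model's behavior or responses.
const signal = detectFrustration("this sucks, nothing compiles");
if (signal.matched) {
  console.log(`frustration_detected pattern=${signal.pattern}`);
}
```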

Source: Entrepreneur

Kim explained that while the choice was pragmatic (regex is computationally free compared to using an LLM for sentiment analysis at global scale), the signal doesn't change the model's behavior or responses. Instead, it serves as a product health metric to track whether users are getting frustrated and whether rates are increasing across releases [4]. However, Miranda Bogen, director of the AI Governance Lab at the Center for Democracy & Technology, warns that the pressing issue is what happens to such behavioral data once a company collects it. "Even if it's a very legible and very simple prediction pattern, how you use that information is a separate governance question," she says [4].

Unannounced AI Model Features: Kairos and AutoDream

The software scaffolding revealed in the leak provided a detailed look at unannounced AI model features that Anthropic has been developing. Chief among these is Kairos, a persistent daemon designed to operate in the background even when the Claude Code terminal window is closed [1]. The system would use periodic "tick" prompts to regularly review whether new actions are needed, and a "PROACTIVE" flag for surfacing information the user hasn't asked for but needs to see now.
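
As a rough illustration of that tick pattern, the following hypothetical TypeScript sketches a background loop that periodically checks whether action is needed and surfaces proactive results. The function names and the one-minute interval are assumptions, not details from the leak.

```typescript
// Hypothetical sketch of a Kairos-style background loop.
type TickResult = { proactive: boolean; message?: string };

// Stand-in for sending a periodic "tick" prompt asking the model whether
// any new action is needed.
async function reviewState(): Promise<TickResult> {
  return { proactive: false };
}

async function kairosLoop(intervalMs = 60_000): Promise<void> {
  while (true) {
    const result = await reviewState();
    if (result.proactive) {
      // The leaked prompts describe a PROACTIVE flag for surfacing
      // information the user hasn't asked for but needs to see now.
      console.log(`[PROACTIVE] ${result.message}`);
    }
    await new Promise((resolve) => setTimeout(resolve, intervalMs));
  }
}

void kairosLoop();
```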

Source: Benzinga

Kairos makes use of a file-based memory architecture designed to allow for persistent operation across user sessions, giving the system "a complete picture of who the user is, how they'd like to collaborate with you, what behaviors to avoid or repeat, and the context behind the work the user gives you" [1]. To organize this memory system, the code includes references to AutoDream, which would tell Claude Code to perform "a reflective pass over your memory files" when a user goes idle or manually ends a session [1]. This AI "dream" process would scan transcripts for new information worth persisting, consolidate it while avoiding duplicates and contradictions, and prune outdated memories.
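
The described consolidate-and-prune cycle maps onto a small file-based sketch. Everything below is an assumption for illustration (the `.claude/memory` path, the `REMEMBER:` convention, and the 90-day pruning window are invented); a real pass would presumably use the model itself to extract facts rather than a keyword filter.

```typescript
// Hypothetical sketch of an AutoDream-style "reflective pass" over
// file-based memory. Names and layout are illustrative, not leaked.
import { promises as fs } from "node:fs";
import path from "node:path";

const MEMORY_DIR = ".claude/memory"; // assumed location

interface MemoryEntry {
  fact: string;
  updatedAt: string;
}

// Scan a session transcript for candidate facts worth persisting.
// A keyword filter stands in for a model call here.
function extractCandidates(transcript: string): string[] {
  return transcript
    .split("\n")
    .filter((line) => line.startsWith("REMEMBER:"))
    .map((line) => line.slice("REMEMBER:".length).trim());
}

async function reflectivePass(transcript: string): Promise<void> {
  const file = path.join(MEMORY_DIR, "facts.json");
  let entries: MemoryEntry[] = [];
  try {
    entries = JSON.parse(await fs.readFile(file, "utf8"));
  } catch {
    await fs.mkdir(MEMORY_DIR, { recursive: true });
  }
  // Consolidate: skip facts already on file to avoid duplicates.
  const known = new Set(entries.map((e) => e.fact));
  for (const fact of extractCandidates(transcript)) {
    if (!known.has(fact)) {
      entries.push({ fact, updatedAt: new Date().toISOString() });
    }
  }
  // Prune: drop memories older than 90 days (an arbitrary cutoff).
  const cutoff = Date.now() - 90 * 24 * 60 * 60 * 1000;
  entries = entries.filter((e) => Date.parse(e.updatedAt) >= cutoff);
  await fs.writeFile(file, JSON.stringify(entries, null, 2));
}
```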

Undercover Mode and Open Source Controversy

Perhaps most troubling to transparency advocates was the discovery of Undercover mode, an inactive feature designed to let Anthropic employees contribute to public open source repositories without revealing themselves as AI agents [1]. The reference prompts for this mode explicitly tell the system that commits should "never include... the phrase 'Claude Code' or any mention that you are an AI," and to omit "co-Authored-By lines or any other attribution." Alex Kim called it "a one-way door," a feature that can be forced on but not off, and noted that "hiding internal codenames is reasonable. Having the AI actively pretend to be human is a different thing" [4].
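
Kim's "one-way door" phrasing suggests a flag that can be switched on but never back off. A minimal hypothetical sketch of that behavior, with invented names:

```typescript
// Hypothetical sketch of a "one-way door" setting: a flag that can be
// enabled but never disabled for the life of the process.
class OneWayFlag {
  private enabled = false;

  enable(): void {
    this.enabled = true; // forcing it on is allowed...
  }

  disable(): void {
    if (this.enabled) {
      // ...but once on, it stays on: the door opens one way only.
      throw new Error("undercover mode cannot be disabled once enabled");
    }
  }

  get isEnabled(): boolean {
    return this.enabled;
  }
}

const undercover = new OneWayFlag();
undercover.enable();
// undercover.disable(); // would throw: the flag is one-way
```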

Other planned features uncovered include UltraPlan, which would allow Opus-level Claude models to draft advanced plans that can run for 10 to 30 minutes at a time, a Voice Mode for direct conversation with Claude Code, and a Bridge mode for remote sessions controllable from browsers or mobile devices [1]. Developers also found references to Buddy, a Clippy-like ASCII art companion with 18 randomized species forms that was planned for launch between April 1 and 7 [1].

Competitive Impact and Operational Maturity Questions

Claude Code isn't a minor product for Anthropic. According to the Wall Street Journal, OpenAI pulled the plug on its video generation product Sora just six months after launching it to the public to refocus efforts on developers and enterprises, partly in response to Claude Code's growing momentum [2]. What leaked was not the AI model itself but the instructions that tell the model how to behave, what tools to use, and where its limits are. One developer described the product as "a production-grade developer experience, not just a wrapper around an API" [2].

Arun Chandrasekaran, an AI analyst at Gartner, told The Verge that while the leak poses "risks such as providing bad actors with possible outlets to bypass guardrails," its long-term impact could be limited to serving as a "call for action for Anthropic to invest more in processes and tools for better operational maturity" [5]. Whether competitors will find the architecture instructive remains to be seen, though the field moves fast enough that proactive suggestions and memory systems may soon become table stakes across AI coding assistants.
