On March 31, 2026, an intern at a blockchain security firm checked the npm registry for the newest release of Claude Code. Within 30 seconds he found a 59.8MB source map file that should never have shipped to production. Inside: 512,000 lines of TypeScript, 1,900 files, and the complete architecture of one of the most important AI developer tools ever built.

This is the full deep dive. 45 minutes covering the mechanics of how it happened, what the leaked source code actually revealed, and the concurrent Axios supply chain attack that hit the same morning.

What we cover:

How a single missing line in a config file exposed the entire codebase

KAIROS: the fully built autonomous daemon mode Anthropic never announced

The Buddy virtual pet system and the hex-encoded duck

Undercover Mode and the grand irony at the center of this story

The Axios npm supply chain attack and who is actually at operational risk

The operator verdict: Watch, Act Now, Adopt

Watch on YouTube: https://youtu.be/XGv8sW2NS0k

Read the full article: https://open.substack.com/pub/aifrankly/p/anthropic-did-it-again

Find everything at aifrankly.com

This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit aifrankly.substack.com