On March 31, 2026, Anthropic accidentally shipped a sourcemap file in a Claude Code npm update, exposing 600k lines of source code. Key findings from the leak include: KAIROS, an undisclosed autonomous background agent mode that runs 24/7 without user prompting; anti-distillation mechanisms that inject fake tool definitions to poison competitor training data; DRM implemented below the JavaScript layer in Zig/Bun to prevent API spoofing; a sophisticated 3-layer memory architecture; and 20+ unshipped features including multi-agent orchestration, browser control via Playwright, and cron scheduling. The leak also revealed internal model codenames (Capybara, Numbat, Fennec, Tengu) and an 'undercover mode' that strips internal references in external repos. The incident occurred during a broader wave of AI developer security incidents in March 2026. Practical takeaways for agent builders include the SYSTEM_PROMPT_DYNAMIC_BOUNDARY pattern for cost-efficient prompt caching and self-updating documentation via scoped subagents.
Table of contents
How It HappenedChaos and LegalityInside the Source CodeMarch 2026 Was a Security DisasterWhat Engineers Building Agents Should Take AwaySort: