Anthropic Code Leak
Parts of Anthropic's Claude codebase (the KAIROS system with its memory hierarchy and permissions) leaked accidentally, accelerating competitor agent builds and community analysis of its memory/permission design. (x.com)
The package shipped on March 31, 2026 after an npm source‑map pointed to a publicly accessible Cloudflare R2 ZIP, exposing original TypeScript sources rather than just bundled artifacts. (theregister.com) The archive unpacked into roughly 1,900 TypeScript files totaling about 512,000 lines of code and included the complete agent orchestration, tool library, and MEMORY.md documentation. (buildfastwithai.com) Leaked internals named an always‑on KAIROS daemon that uses periodic “<tick>” prompts and a PROACTIVE flag for surfacing, alongside disclosed memory‑tier logic, permissioning modules, and an “Undercover Mode.” (arstechnica.com) Developers mirrored the code across GitHub and produced rapid rewrites into other languages within hours, while Anthropic issued a DMCA takedown that it later narrowed after forks were restored. (venturebeat.com) Security teams flagged supply‑chain risk because the leak overlapped with a malicious axios npm package published in the same install window—between 00:21 and 03:29 UTC on March 31, 2026—which could have impacted installs that pulled the exposed package. (venturebeat.com) System‑design interview prompt inspired by the leak: design a KAIROS‑style background agent that supports persistent per‑user memory tiers (in‑process hot cache, Redis warm store, cold blob/object storage), enforces least‑privilege tool permissions with immutable audit logs, and scales to 1,000 concurrent agents under a 100 MB per‑user in‑memory budget. (apidog.com) PM interview framework tied to the incident: focus on metrics such as permission‑grant rate, unauthorized tool‑invocation incidents per 10,000 sessions, memory‑store growth per session in KB, and mean time to revoke a granted permission in minutes to measure safety vs. utility tradeoffs revealed by the leak. (venturebeat.com) A concrete portfolio project: a 6–10 week TypeScript Node CLI that replicates a mini‑KAIROS with a tick scheduler, Redis‑backed multi‑tier memory, scoped tool APIs with per‑call audit logs, and end‑to‑end tests for PROACTIVE surfacing—built to mirror structures visible in the leaked Claude Code. (buildfastwithai.com) Anthropic characterized the release as a packaging “human error” and stated that no sensitive customer data or credentials were exposed in the incident. (cnbc.com)
