This is a most excellent place for technology news and articles.
Perhaps the most discussed technical detail is the "Undercover Mode." This feature reveals that Anthropic uses Claude Code for "stealth" contributions to public open-source repositories.
The system prompt discovered in the leak explicitly warns the model: "You are operating UNDERCOVER... Your commit messages... MUST NOT contain ANY Anthropic-internal information. Do not blow your cover."
Laws should have been put in place years ago to make it so that AI usage needs to be explicitly declared.
The system prompt discovered in the leak explicitly warns the model: "You are operating UNDERCOVER... Your commit messages... MUST NOT contain ANY Anthropic-internal information. Do not blow your cover."
This is so incredibly stupid.
You've tried security.
You've tried security through obscurity.
Now try security through giving instructions to an LLM via a system prompt to not blow its cover.
In Europe we have the AI act which, as of August, will introduce some form of transparency obligations. Not perfect obviously but a start. Probably will not be followed by the rest of the world though so like GDPR it will be forcibly eroded by other’s interests through lobbying but at least we try.
With how massive of a computer science field artificial intelligence is and how much of it already is or is getting added to every piece of software that exists, a label like that would be equally useless as the California prop 65 cancer warnings.
Do you use a mobile keyboard that supports swipe typing and has autocorrect? Remember to mark everything you write as being AI assisted.
Well yes, if you let autocorrect write code contribution, I think you should lable that contribution as AI.
That doesn't sound like it is saying don't identify yourself. That it's called claude isn't internal information. So it doesn't seem that instruction is doing tpwhat you are saying. Must be more instructions.
What internal info are they worried about leaking in a commit message? If you don’t want it to add the standard Claude attribution, you can completely disable it in the settings, or just write your own commit messages.
If you installed or updated Claude Code via npm on March 31, 2026, between 00:21 and 03:29 UTC, you may have inadvertently pulled in a malicious version of axios (1.14.1 or 0.30.4) that contains a Remote Access Trojan (RAT). You should immediately search your project lockfiles (package-lock.json, yarn.lock, or bun.lockb) for these specific versions or the dependency plain-crypto-js. If found, treat the host machine as fully compromised, rotate all secrets, and perform a clean OS reinstallation.
Lol 😂
This is because if an unrelated hack on npm’s latest build. Anyone with this version of npm is affected
That axios supply chain attack was a bitch. There were extensions compromised from that shit.
Its bad advise too, because the malware removed itself from those files to removed traces of itself
Be careful not to introduce security vulnerabilities such as command injection, XSS, SQL injection, and other OWASP top 10 vulnerabilities. If you notice that you wrote insecure code, immediately fix it.
Lmao. I'm sure that will solve the problem of it writing insecure slop code.
It doesn't fix it, but as stupid as it looks, it should actually improve the chances.
If you've seen how the reasoning works, they basically spit out some garbage, then read it again and think whether it's garbage enough or not.
They do try to 'correct their errors', so to say.
It will slightly improve the chances. But, is that enough?
Imagine you had an intern working with you on a project. They didn't know anything about SQL injection, cross site scripting, etc. You probably wouldn't give them a task where that was a concern. If you did, you'd watch them like a hawk. Because they're an intern, the amount of code they'd produce would probably be pretty low, and it would be pretty low-quality overall, so it would be easy to spot mistakes that would lead to these kinds of vulnerabilities.
An LLM has the understanding of the problem space that an intern does, but produces vast amounts of code extremely quickly. That code is designed to "blend in", i.e. it's specifically trained to look like good code, whether it is or not. Because of "vibe coding", people trust it to do all kinds of things, including implement bits where there's a danger of XSS or SQL injection. And the way Claude Code ensures it doesn't generate those vulnerabilities is... someone says "hey, don't do that, ok?"
Having that statement in there is better than not having it. But, it's just a reminder that these things aren't appropriate for writing production code. They don't actually understand what XSS or SQL injection are, and they can't learn. They don't know why it's important. They don't have a technique for checking if their code actually has those vulnerabilities, other than passing it to themselves recursively and asking that other version of themselves to generate some text that might flag if those vulnerabilities were spotted. But, AIs are famously sycophantic so even recursively using itself, it will generate text to "please" itself and probably write something like "your code is great and I can't spot any vulnerabilities at all! Congratulations! [Emoji] [Emoji] [Emoji]"
Sounds exactly like half the managers I've ever worked with.
That sounds like written by some dumbass vibe-coder who actually believes their LLM is "smart".
I mean it's not that big a deal. However, it would another thing if the model itself leaked. Now that would be something.
edit: Like I thought, it turns out to be a TS wrapper with more internal prompts. The fireship video is really funny, they use regex to detect if the user is angry 😭
As they tell it, Claude Code is over 80% written by the models anyway...
The harness is as important as the model
Tool usage is very important. Qwen3.5 (135b) can already do wonderful things on OpenCode.
I dabble in local AI and this always blows my mind. How do people just casually throw 135b parameter models around? Are people like, renting datacenter hardware or GPU time or something, or are people just building personal AI servers with 6 5090s in them, or are they quantizing them down to 0.025 bits or what? what's the secret? how does this work? am I missing something? like the Q4 of Qwen3.5 122B is between 60-80GB just for the model alone. That's 3x 5090s minimum, unless I'm doing the math wrong, and then you need to fit the huge context windows these things have in there too. I don't get it.
Meanwhile I'm over here nearly burning my house down trying to get my poor consumer cards to run glm-4.7-flash.
I pay for Ollama Cloud. As for the training of the big models, big companies do it using who-knows-what resources.
Like a healthy brain. And just like a healthy brain, it'll still hallucinate and make mistakes probably:
The leaked source reveals a sophisticated, three-layer memory architecture that moves away from traditional "store-everything" retrieval.
As analyzed by developers like @himanshustwts, the architecture utilizes a "Self-Healing Memory" system.
We’re gonna make AGI and realize that being stupid sometimes and making mistakes is integral to general intelligence.
Actually, the people in the know...already knew this. We've known for years. Mistakes are required for learning.
A mistake is maybe just allowing room for evolution to take place?
being stupid sometimes and making mistakes is integral to general intelligence.
Smart people figured this out a long time ago.
https://www.amazon.com/s?k=nassim+taleb+antifragile&adgrpid=187118826460
https://www.goodreads.com/en/book/show/18378002-intuition-pumps-and-other-tools-for-thinking
That’s what makes us humans at least…
In this mode, the agent performs "memory consolidation" while the user is idle. The
autoDreamlogic merges disparate observations, removes logical contradictions, and converts vague insights into absolute facts.
this blog post reads like a marketing piece
Pretty sure it’s a bad LLM „analysis“ of the code. It has that flavour to it.
By 4:23 am ET, Chaofan Shou (@Fried_rice), an intern at Solayer Labs, broadcasted the discovery on X (formerly Twitter).
Ha, by an intern
Nice. One of the ways to write Chaofan in Chinese is 炒饭, which means fried rice. Amazing to be able to get that Twitter handle
At its core is MEMORY.md, a lightweight index of pointers (~150 characters per line) that is perpetually loaded into the context. This index does not store data; it stores locations.
Actual project knowledge is distributed across "topic files" fetched on-demand, while raw transcripts are never fully read back into the context, but merely "grep’d" for specific identifiers.
This "Strict Write Discipline"—where the agent must update its index only after a successful file write—prevents the model from polluting its context with failed attempts.
For competitors, the "blueprint" is clear: build a skeptical memory. The code confirms that Anthropic’s agents are instructed to treat their own memory as a "hint," requiring the model to verify facts against the actual codebase before proceeding.
Interesting to see if continue.dev takes advantage of this methodology. My only complaint has been context with it.
The code is still on GitHub, just an earlier commit: https://github.com/chatgptprojects/clear-code/tree/627ab39f09681d9c7d6915861d36d361bdc6d889
I was like "Ha, ha nice April's fools"... Then I keep reading the comments and... WTF‽
Best part of the leak, they use regex matches for sentiment lol
The best learning method is from your own mistakes. So, Claude is still learning.
This is just the UI right? Or the models too?
Actual project knowledge is distributed across "topic files" fetched on-demand, while raw transcripts are never fully read back into the context, but merely "grep’d" for specific identifiers.
Consistent with a lot of bugs and goofs I've heard people in long running instance of Claude will encounter.
