
Strategic Information Exposure

Concern that feature flags and codenames reveal product roadmap details to competitors, an exposure that, unlike code, cannot be undone by refactoring

← Back to The Claude Code Source Leak: fake tools, frustration regexes, undercover mode

The discussion centers on whether the inclusion of internal codenames and "Undercover mode" in Claude Code represents a catastrophic leak of strategic roadmaps or merely a practical precaution against accidental exposure during public contributions. While some dismiss the findings as insignificant, others are alarmed by the exposure of granular operational data and unreleased model names, suggesting a surprisingly "YOLO" approach to shipping sensitive trade secrets within client-side code. Critics emphasize that while source code can be easily refactored, leaked feature flags and anti-distillation tactics provide competitors with irreversible insights into Anthropic’s long-term product strategy. Ultimately, the community is puzzled by the technical oversight of not keeping these prompts and internal logic server-side, questioning the disconnect between the company’s high-stakes AI development and its software release practices.

20 comments tagged with this topic

View on HN · Topics
You can already turn off "Co-Authored-By" via Claude Code config. This is what their docs show:

    ~/.claude/settings.json
    {
      "attribution": {
        "commit": "",
        "pr": ""
      }
    }

The rest of the prompt is pretty clear that it's talking about internal use. Claude Code users aren't the ones worried about leaking "internal model codenames" nor "unreleased model opus-4-8" nor Slack channel names. Though, nobody would want that crap in their generated docs/code anyways. Seems like a nothingburger, and everyone seems to be fantasizing about "undercover mode" rather than engaging with the details.
View on HN · Topics
There's a more worrying part: It refers to unreleased versions of Claude in more detail than released versions. For a company calling Chinese companies out for distillation attacks on their models, this very much looks like a distillation attack against human maintainers, especially when combined with the frustration detector.
View on HN · Topics
“Some bullet points are gated on process.env.USER_TYPE === 'ant' — Anthropic employees get stricter/more honest instructions than external use” Interesting!
View on HN · Topics
I made a visual guide for this https://ccunpacked.dev
View on HN · Topics
The name "Undercover mode" and the line `The phrase "Claude Code" or any mention that you are an AI` sound spooky, but after reading the source my first knee-jerk reaction wouldn't be "this is for pretending to be human" given that the file is largely about hiding Anthropic internal information such as code names. I encourage looking at the source itself in order to draw your conclusions, it's very short: https://github.com/alex000kim/claude-code/blob/main/src/util...
View on HN · Topics
Doesn't seem so crazy if the point is to avoid leaking new features, models, codenames, etc.
View on HN · Topics
Undercover mode seems like a way to make contributions to OSS when they detect issues, without accidentally leaking that it was claude-mythos-gigabrain-100000B that figured out the issue
View on HN · Topics
It's people overreacting. The purpose of it is simple: don't leak any codenames, project names, file names, etc. when touching external / public facing code that you are maintaining using bleeding edge versions of Claude Code. It does read weird in that they want it to write as if a developer wrote a commit, but it might be to avoid it outputting debug information in a commit message.
View on HN · Topics
I'm amazed at how much of what my past employers would call trade secrets are just being shipped in the source. Including comments that just plainly state the whole business backstory of certain decisions. It's like they discarded all release harnesses and project tracking and just YOLO'd everything into the codebase itself.

Edit: Everyone is responding "comments are good" and I can't tell if any of you actually read TFA or not

> “BQ 2026-03-10: 1,279 sessions had 50+ consecutive failures (up to 3,272) in a single session, wasting ~250K API calls/day globally.”

This is just revealing operational details the agent doesn't need to know to set `MAX_CONSECUTIVE_AUTOCOMPACT_FAILURES = 3`
View on HN · Topics
> “BQ 2026-03-10: 1,279 sessions had 50+ consecutive failures (up to 3,272) in a single session, wasting ~250K API calls/day globally.”

That's revealing waaaay more than the agent needs to know.
View on HN · Topics
Doesn't look like privileged information to me. Seems to me like everyone's just grasping at straws to nitpick every insignificant little thing.
View on HN · Topics
It's a good comment, it explains the reason for the setting. They didn't expect to leak their source code. It's hardly a trade secret, what value is this to a competitor?
View on HN · Topics
Sounds like there's still a lot of value in TypeScript (otherwise they could have open sourced.) Plus there's demand for skilled TS software devs that don't ship your company's roadmap using a js.map

20,000 agents and none of them caught it...
View on HN · Topics
I'm surprised that they don't just keep the various prompts, which are arguably their "secret sauce", hidden server side. Almost like their backend and frontend engineers don't talk to each other.
View on HN · Topics
My company uses Claude through our own private data centers behind our own proxy that logs all requests and responses in and out. However, Anthropic heavily steers these models during RL to respond a certain way to certain prompting, so that's basically the "secret sauce" you're thinking of.
View on HN · Topics
Sure, that's part of it, but they clearly don't like people knowing about their prompts either.
View on HN · Topics
i always wondered what prompts codex / claude code use but always figured they just send variables to the backend and render the whole prompt there so i never even bothered to check with a MITM proxy. turns out i should have just done that…
View on HN · Topics
Why would Claude Code mention Mythos then?
View on HN · Topics
Because they (apparently) keep a bunch of secret features and roadmap details in said source code.
View on HN · Topics
The feature flag names alone are more revealing than the code. KAIROS, the anti-distillation flags, model codenames: those are product strategy decisions that competitors can now plan around. You can refactor code in a week. You can't un-leak a roadmap.
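
Added example, not part of the thread and not Anthropic's code: a pre-publish check for the two exposures the comments above describe, a `js.map` shipped with a client-side bundle and internal terms ending up in the published files. The function name, file paths, sample contents and the denylist term are constructed placeholders; `sources` and `sourcesContent` are standard Source Map v3 fields.

```javascript
// Audit a package's files before publishing. `files` maps path -> text;
// a real pipeline would build it from the packed tarball (assumption).
function auditPackage(files, denylist = []) {
  const findings = [];
  for (const [path, text] of Object.entries(files)) {
    if (path.endsWith('.map')) {
      let map = null;
      try { map = JSON.parse(text); } catch (_) { /* not valid JSON */ }
      // sourcesContent carries the original, uncompiled source text.
      const embedded = map && Array.isArray(map.sourcesContent) &&
        map.sourcesContent.some((s) => typeof s === 'string' && s.length > 0);
      findings.push({ path, issue: embedded
        ? 'source map embeds original sources (sourcesContent)'
        : 'source map shipped (exposes source paths and names)' });
    }
    // Bundles point at, or inline, a source map via a trailing comment.
    const ref = /\/\/[#@]\s*sourceMappingURL=(\S+)/.exec(text);
    if (ref) {
      findings.push({ path, issue: ref[1].startsWith('data:')
        ? 'inline source map in bundle'
        : `bundle references source map ${ref[1]}` });
    }
    // Internal terms (codenames, flag names) that must never be published.
    for (const term of denylist) {
      if (term.test(text)) findings.push({ path, issue: `denylisted term ${term}` });
    }
  }
  return findings;
}

// Constructed sample: a bundle plus the map that should not have shipped.
const SAMPLE_FILES = {
  'dist/cli.js': 'console.log("hi");\n//# sourceMappingURL=cli.js.map\n',
  'dist/cli.js.map': JSON.stringify({
    version: 3,
    sources: ['../src/flags.ts'],
    sourcesContent: ['// PLACEHOLDER_CODENAME rollout notes\nexport const MAX = 3;'],
    mappings: '',
  }),
  'README.md': 'Install with npm.',
};
// Hypothetical denylist; a real one holds the organisation's own terms.
const SAMPLE_DENYLIST = [/PLACEHOLDER_CODENAME/];

function runSampleAudit() {
  return auditPackage(SAMPLE_FILES, SAMPLE_DENYLIST);
}

for (const f of runSampleAudit()) console.log(`${f.path}: ${f.issue}`);
```

Run as a release gate, any finding should fail the publish step, since a map with `sourcesContent` exposes comments and identifiers that minification would otherwise have removed.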