139: Claude Code’s Secrets Are Out
In a shocking twist, Anthropic accidentally leaked the full 512,000-line source code of Claude Code to the public via a misconfigured NPM package that included a source map pointing directly to their internal codebase. While the leak was quickly taken down, the damage was done—giving developers, competitors, and curious hackers unprecedented access to the inner workings of one of the most popular AI coding assistants. Inside the code, researchers uncovered tantalizing hints of future features: a background daemon named Kairos that learns user behavior over time to act proactively, an 'undercover mode' that allows AI contributions to open source without revealing its identity, and even playful ASCII pets that could interact in the developer’s terminal like a modern Clippy. Meanwhile, Axios—the foundational HTTP client for millions—was weaponized in a sophisticated supply chain attack by a North Korean threat group, UNC 1069, which hijacked the maintainer’s account to inject a malicious dependency that deployed a cross-platform remote access Trojan. The attack exploited outdated security practices, including active publishing tokens and dangerous post-install scripts, highlighting the fragility of the open-source ecosystem. Despite the chaos, the episode ends on a lighter note with a glowing review of Redwood SDK’s 1.
Claude Code’s source code was leaked via a misconfigured NPM package with a live source map, exposing 512,000 lines of code including future features like Kairos and undercover mode.
Kairos, a background daemon in the leaked code, appears designed to learn user behavior and act proactively, raising major privacy concerns alongside the prospect of proactive AI assistance.
Axios was compromised by a North Korean threat actor (UNC 1069) who hijacked a maintainer’s token to inject a malicious dependency that deployed a cross-platform remote access Trojan.
The Axios attack exploited outdated publishing practices and dangerous post-install scripts—underscoring the need for locked dependencies, package lock files, and adoption of trusted publishing.
Redwood SDK 1.0 launches as a Cloudflare-native, server-first React framework with real-time sync via durable objects, no code generation, and a 'what you see is what you get' philosophy.
Claude Code Source Code Leak: The Internet's New Playground
“Once it's out there, you can't undo it. Yeah, it's like the classic internet because I was wondering exactly how this happened when I first heard the news and it sounds like the source maps just pointed at the full source code that they had up on Cloudflare or whatever and that it was only up for a handful of minutes or whatever but that was plenty for the internet to get a full copy of it and then at that point, there's no taking that back.”
Inside the Leak: Kairos, Undercover Mode, and ASCII Pets
“There is a thing called Kairos, K-A-I-R-O-S, which is a background daemon that is apparently even around when Claude code is closed and it will be regularly checking on your computer to see if it can be proactive for a user.”
The Axios Supply Chain Attack: A Nation-State Breach
“The attacker hijacked the lead maintainer of Axios' NPM account and published two poisoned versions across both the 1.x and legacy 0.x release branches within 39 minutes of each other, and injected a phantom dependency whose sole purpose was to deploy persistent malware on macOS, Windows, and Linux.”
Security Lessons: Why This Happened and How to Protect Yourself
The hosts break down the technical and human factors behind the Axios breach—outdated publishing tokens, lack of trusted publishing, and dangerous post-install scripts—and offer concrete mitigation strategies.
Redwood SDK 1.0: Cloudflare’s New Full-Stack Framework
Redwood SDK reaches 1.0 with a server-first, Cloudflare-native architecture that promises transparency, real-time sync via durable objects, and no hidden magic—positioning itself as a strong alternative to Next.js.
“biggest security hole in the entire JavaScript ecosystem is these post-install scripts because it's still, I think, wild to me that if you install a package from Node, it has the ability to just basically just completely run a script in Bash.”