Anthropic's Claude Code Gets Leaked. OpenAI's Codex Was Already Open-Source. Here's What It All Means.

Anthropic accidentally shipped its entire source code

Earlier today, security researcher Chaofan Shou discovered that Anthropic's Claude Code, their flagship AI coding agent that runs in your terminal, had its full TypeScript source code exposed through a .map file bundled into the npm package.

Source maps are debugging files that bridge minified production code back to the original source. They're supposed to be stripped before publishing. Anthropic didn't strip theirs. The file pointed to a ZIP archive on Anthropic's own cloud storage containing everything: ~1,900 files, 512,000+ lines of code, and dozens of unreleased features hidden behind internal feature flags.

Within hours, the code had been mirrored to multiple GitHub repositories, analyzed on Hacker News and Reddit, and written up by VentureBeat, cybersecurity outlets, and dozens of independent developers. One developer used Claude Code itself to dissect the Claude Code source. The internet had a field day.

Then an OpenAI engineer made everyone think Codex leaked too

Shortly after the Claude Code leak went viral, @reach_vb — who works on OpenAI's Codex team — tweeted what appeared to be a bombshell:

It was a joke. But a lot of people didn't realize that immediately, and it spread as though both companies had been compromised on the same day.

The reality is much less dramatic. OpenAI open-sourced Codex CLI back in April 2025, intentionally, under the Apache 2.0 license. It was announced alongside the o3 and o4-mini models, covered by TechCrunch, and has been sitting publicly on GitHub ever since, where it now has 60,000+ stars and 363 contributors.

In other words: the Codex "leak" was just a link to a public repo that's been open for nearly a year.

Claude Code is way more than a chatbot in a terminal

The leaked codebase reveals Claude Code to be a far more ambitious piece of software than its public-facing product suggests. Here's what people have found so far:

The biggest revelations aren't the stats, it's what's behind those feature flags. The code references KAIROS, an always-on autonomous daemon mode where Claude runs as a background agent, performing "memory consolidation" while you're idle. It also contains ULTRAPLAN, a 30-minute remote planning system, and a Coordinator Mode that lets one Claude instance spawn and manage multiple worker agents in parallel.

And then there's BUDDY, a Tamagotchi-style virtual pet that lives in your terminal. There are 18 species (including an axolotl and a ghost), rarity tiers, cosmetic hats, shiny variants, and five stats: Debugging, Patience, Chaos, Wisdom, and Snark. It's seeded from your user ID. Someone at Anthropic is having fun.

The codebase also reveals the full system prompts embedded in the CLI, a multi-agent orchestration system, IDE bridge integrations for VS Code and JetBrains, a plugin architecture, voice input support, vim mode, and an internal "Undercover Mode" designed to prevent Claude from leaking Anthropic codenames in git commits. That last one is particularly ironic given the circumstances.

This is a security story, a competitive intelligence story, and a cultural moment

For Anthropic: This is embarrassing. The company that positions itself as the safety-focused AI lab just shipped its entire proprietary codebase to the public internet via a misconfigured build step. VentureBeat called it "a literal blueprint for how to build a high-agency, reliable, and commercially viable AI agent." Competitors, from established players to startups like Cursor, now have a detailed look at Anthropic's architecture, permission systems, and unreleased roadmap.

For OpenAI: The contrast is striking, even if the viral comparison was based on a joke. OpenAI made a deliberate strategic choice to open-source Codex CLI a year ago. Their repo now has nearly 8,000 forks and active community contributions. Whether or not that was the "right" call, it means they never had this kind of vulnerability. You can't leak what's already public.

For developers: This is a reminder that build pipeline hygiene matters. A single missing .npmignore entry or a bundler default left unchecked can expose everything. The irony is stark: a tool built to help engineers write better code was undone by a build configuration oversight.

The AI coding war just got a lot more transparent

Even if you've never used a terminal in your life, this matters because it shows what's actually being built inside the biggest AI companies right now. These aren't simple chatbots. Claude Code is a multi-agent system that can spawn copies of itself, run background processes while you sleep, manage teams of sub-agents, and remember context across sessions. That's the trajectory for all AI tools, not just coding ones.

The leaked feature flags essentially serve as a public roadmap. KAIROS (always-on agents), multi-agent coordination, proactive task scheduling, these are the building blocks of a future where AI doesn't just respond to you, it works alongside you continuously.

It also raises a question worth thinking about: should powerful developer tools like this be proprietary at all? OpenAI bet on open source for Codex. Anthropic kept Claude Code closed. Today's events made that philosophical difference very, very tangible.