The $40 billion dollar accidental risk: Inside the Claude code leak

@ChaofanShou (The researcher who first flagged the leak): “Claude code source code has been leaked via a map file in their npm registry! This is massive. You can see every single internal prompt and tool definition.”

Last two weeks, X (twitter) erupted when an AI researcher made the tweet above. It would eventually gain over 34 million views with many other X users mobilising meet-ups to analyse the source codes with others already forking and porting while the skeptics wondered if this was really an accident as it was too good to be true.

Back story

The last day of March, 2026 was the last day Anthropic as an AI company lost protection of over 500,000 lines of pure typescripts from its flagship developer tool, Claude code. This was a classic case of a high-tech powerhouse being humbled by a low-tech mistake. What makes this event particularly striking and embarrassing (on their part) is not just the scale – it wasn’t a sophisticated hack at all; rather, a simple human error in the npm packaging process accidentally including a debugging sourcemap for Claude Code, v2.1.88, thus, supplying the techies enough tacos to feast on. Expectedly, within hours, the internet had de-obfuscated and reconstructed over 512,000 lines of TypeScript, effectively handing the world the blueprint for Anthropic’s flagship AI agent.

The Anatomy of the Leak: A bad day for the Claude crew

The leak exposed the inner workings of how Claude interacts with a user’s local file system, its “kairos” autonomous background agent mode, and even “Undercover Mode”—a feature that allowed Anthropic employees to contribute to public repositories while masking the AI’s involvement. Even though the model weights –  the core brain is still safe behind Anthropic’s servers, the scaffolding, that is, how the AI agent thinks, plans, and executes commands is now public. The leak originated from a misconfigured release that unintentionally included a source map (.map) file, which linked to a full archive of Claude Code’s internal TypeScript codebase. Within hours, the code spread across thousands of GitHub repositories, making containment virtually impossible. 

Importantly, Anthropic clarified that no user data or model weights were exposed. However, the leak did reveal internal architecture, hidden features, and product roadmap signals—effectively giving competitors a rare look under the hood of a top AI system. 

Implications for Anthropic

This incident creates a complex mix of risks and opportunities which will continue to unfold in the coming days. First beneficiaries here are the competitors. That’s not a hard guess.
The competitive exposure occasioned by this incident is served on a platter. The leak provides rivals with insights into Anthropic’s agent architecture, tooling strategy, and upcoming features.  It’s also a shortcut for any startup trying to build a rival coding assistant as they can now access how anthropic handles long-running tasks, error recovery and tool-calling logic. These vulnerabilities can also be weaponised against them. With the client-side logic exposed, bad actors can now find “jailbreaks” more easily. They can see exactly how the agent validates permissions, making it easier to craft malicious repositories that trick Claude into exfiltrating data or running unauthorised shell commands. Too bad but that’s only the pre-amble. That is to say that, the problem is not for the anthropic company alone, real-world security threats beyond their intellectual property loss has now been introduced as some leaked versions have already been repackaged with malware like Vidar (an information stealer) and Ghostsocks. This is a significant supply chain risk.

The reputation of the company as a leader in AI safety and security has also been massively hit. Coming at a time when Anthropic is already navigating tensions with the U.S. government over national security risks, this “human error” provides ammunition to critics who argue that AI labs cannot yet be trusted with sensitive defense-related deployments thus tightening their scrutiny and regularisation. Multiple leaks within a short period is not a positive sign and undermines the security legacy plus significant concerns about operational discipline in the event of partnerships, collaborators and investors.

Ironically, in all of these, one good news is that this leak has great potential to promote innovation across the industry thus accelerating the AI ecosystem advancement in general. Developers now better understand how advanced AI agents are orchestrated, lowering the barrier to entry.

Anthropic can regain its edge: Recommendations

To turn this disaster into a pivot that can help them remain competitive and credible, Anthropic needs to move decisively. This is a call to double-down on operational security and transparency. This mistake was professionally preventable. Implementing stricter CI/CD checks, artifact scanning, and “fail-closed” deployment pipelines is a great place to start. 

In addition, the real moat in AI is increasingly shifting toward proprietary data, training techniques, and model performance, not just tooling. Anthropic should lean into strengthening Claude’s core intelligence by shifting from code advantage (scaffolding) to model advantage. As unpleasant as this incidence has been, the temptation to fight the inevitability of leaks, it is important that they prioritise the path of selective transparency since their internal “Undercover Mode” has sparked a trust deficit, Anthropic could open-source controlled components and position itself as a leader in responsible transparency – similar to how some companies leverage open systems strategically. This move will boost developer trust in their operations. Furthermore, clear communication, rapid patching, and visible improvements in security processes will be key to retaining enterprise users and developers’ confidence. To neutralise any advantage gained from the leak, all the planned roadmap for product differentiation must be accelerated at a faster rate. The leak revealed ambitious features with internal codenames like “Capybara” and “Numbat”. Anthropic must ship these models earlier than originally scheduled and smarter than originally intended, that way they can stay ahead of the race and the old logic becomes obsolete. As an extra step, tightening the bond between the Claude Code CLI and secure hardware environments (like trusted execution environments), this level of integration can make the leaked software logic useless for anyone trying to run it on unverified systems

Final Thoughts

The Claude Code leak is more than just a technical mishap—it’s a signal moment for the AI industry. It highlights a paradox: the more powerful and complex AI systems become, the more fragile their operational layers can be. The leak is a bruising reminder that in the AI race, the “agentic” wrapper is just as valuable as the model itself. Anthropic still has strong fundamentals, but in a race where trust, speed, and innovation matter equally, incidents like this can shift momentum quickly. Anthropic’s “edge” no longer lies in how they built the tool, but in how fast they can evolve it beyond the version currently sitting in 8,000 GitHub mirrors. The next few months will determine whether this leak becomes a temporary setback—or a defining turning point.

After a punishing start to 2026 that wiped billions of dollars off technology valuations and briefly pushed the sector back toward pre-ChatGPT pricing levels, Wall Street is beginning to see the outlines of a renewed rally.

Software stocks, led by Oracle’s double-digit jump, saw a sharp rebound on Monday, with the development being interpreted not as a fleeting bounce but as the opening phase of a broader technology recovery.

The rally comes at a moment when investor sentiment toward growth stocks is undergoing a rapid reassessment. For much of the first quarter, technology shares were battered by geopolitical instability, particularly the Iran conflict and the resulting energy-price shock, alongside persistent concerns that the AI boom had left valuations overstretched. That correction, however, has now compressed multiples to levels many strategists consider historically attractive.

At the forefront of Monday’s rebound was Oracle, whose shares surged as much as 12%, making it one of the strongest performers in both software and the broader technology sector. The stock’s advance helped propel the software complex to its best day in roughly a year, reinforcing the view that institutional investors are beginning to rotate back into beaten-down AI and enterprise software names.

The significance of Oracle’s move goes beyond a single-session price spike. The company has become a proxy for investor confidence in enterprise AI infrastructure spending. Its cloud expansion, large contracted revenue backlog, and positioning in database and data-center infrastructure make it a bellwether for whether legacy software companies can successfully monetize AI rather than be displaced by it.

What makes the current setup especially compelling for bulls is the sharp compression in valuations.

“Tech valuations are now LOWER than they were when ChatGPT was announced,” Adam Kobeissi, founder of The Kobeissi Letter, said. “As the Iran War drives markets lower, AI is only getting bigger. Record highs are on the horizon.”

That assessment has found support among other market voices. Apollo chief economist Torsten Slok has similarly noted that sector multiples have fallen from around 40 times earnings to roughly 20 times, effectively erasing much of the premium built during the AI frenzy of 2023 through 2025.

This reset is crucial because, unlike previous speculative bubbles, earnings expectations have not collapsed alongside prices.

According to BlackRock, the technology sector is still projected to deliver approximately 43% earnings growth in 2026, a remarkably strong figure that suggests the selloff was driven more by macro fear and profit-taking than by a deterioration in corporate fundamentals.

That divergence between falling valuations and stable earnings estimates is one reason strategists increasingly describe the current moment as a buy-the-dip opportunity rather than the start of a prolonged bear market.

Daniel Newman, chief executive of Futurum, described the present environment as “a historically opportune moment” to re-enter the AI trade.

The AI story itself remains the central pillar of the bull case. Even as war-driven volatility pressured markets, the underlying capital expenditure cycle tied to artificial intelligence has continued to expand. Hyperscalers and enterprise software companies are still investing massive sums in compute, cybersecurity, data storage, and AI tools. This suggests that the secular demand story remains intact even as share prices undergo cyclical corrections.

Importantly, investors are becoming more selective. Rather than buying technology indiscriminately, capital is increasingly flowing toward companies viewed as essential infrastructure providers or those seen as least vulnerable to AI disintermediation. This includes names such as Microsoft, Alphabet, Meta, Amazon, and NVIDIA, all of which remain deeply embedded in the AI ecosystem through cloud services, chips, platforms, or advertising engines.

Cybersecurity is another area drawing heightened attention. As geopolitical risks intensify and AI tools raise the stakes around enterprise security, firms such as CrowdStrike, Palo Alto Networks, and Zscaler are increasingly being viewed as structural beneficiaries of the next technology upswing.

Another major catalyst now in focus is earnings season. First-quarter corporate results are expected to begin shortly, and analysts broadly expect technology to once again lead profit growth across the S&P 500. This matters because earnings will determine whether the recent rally develops into a sustained re-rating.

Analysts believe that if large-cap tech companies deliver resilient revenue growth and strong AI monetization metrics, investors may gain the confidence needed to push the sector back toward all-time highs.

Goldman Sachs has already pointed to “secular growth” stocks, many of them concentrated in technology, as best positioned for the next expansion phase. That view is reinforced by the market’s gradual shift away from purely macro-driven selling toward stock-specific fundamental analysis.

The broader narrative, therefore, is one of transition – as demonstrated by the first quarter, which was defined by de-risking, war headlines, and multiple compressions. The second quarter is expected to increasingly be defined by earnings validation, AI monetization, and renewed institutional positioning.

Monday’s software rally may prove to be the first meaningful signal that investors believe the valuation reset is complete and that the next leg of the AI-driven tech cycle is beginning. Analysts note that if earnings confirm that thesis, the sector could indeed be laying the groundwork for a fresh run toward record territory.

British Petroleum (BP) delivered a striking early signal of strength on Tuesday, announcing that its oil trading desk posted “exceptional” results in the first quarter of 2026.

The windfall stemmed directly from the sharp surge in crude prices and heightened market volatility triggered by the escalation of conflict in the Middle East since late February. The update, released ahead of full quarterly results scheduled for April 28, echoes a similar upbeat trading message from rival Shell the previous week and underscores how geopolitical shocks continue to reshape fortunes across the energy sector.

The conflict, sparked by U.S. and Israeli actions against Iran, has disrupted supplies through the Strait of Hormuz, a chokepoint carrying roughly one-fifth of global oil and gas flows. Brent crude averaged $81.13 per barrel during the January-to-March period, a meaningful jump from $63.73 in the fourth quarter of 2025.

Prices spiked dramatically in March, at times approaching or exceeding $100–120 per barrel amid attacks on facilities, temporary closures, and retaliatory measures. As of Tuesday, front-month U.S. crude futures hovered near $97, while June Brent contracts traded around $98–99, reflecting persistent tensions even after a fragile two-week ceasefire and stalled peace efforts.

BP’s traders thrived in the chaotic environment. Wide spreads between marker prices and realized values, combined with rapid swings in crude, natural gas, and refined products, created rich opportunities for arbitrage, inventory management, and optimization. The company explicitly contrasted this performance with a “weak” fourth-quarter outcome, noting that the latter part of Q1 saw particularly intense dislocation. While full segment breakdowns await the April 28 release, the trading uplift is expected to provide a significant offset to any upstream or downstream pressures.

Shell similarly flagged meaningfully stronger trading and optimization results in its own early Q1 preview, highlighting how volatility benefits well-positioned desks even when physical operations face headwinds such as reduced Qatari LNG volumes.

Debt Rises on Working Capital Demands

The good news on trading, however, came with a caveat. BP expects net debt at the end of March to land between $25 billion and $27 billion, up from $22.2 billion at year-end 2025. The primary driver is a substantial working-capital build, estimated at $4—7 billion, necessitated by the higher price environment. Elevated crude values inflate the cost of inventories and receivables, tying up cash even as margins improve elsewhere. Organic capital expenditure is projected to remain broadly flat at around $3.5 billion, with upstream production broadly steady quarter-on-quarter.

Investors have grown accustomed to such swings. In periods of rapid price escalation, majors routinely see balance-sheet expansion before cash flows normalize. BP’s management has long emphasized financial resilience, yet the increase serves as a reminder that commodity supercycles demand careful liquidity stewardship. Shareholders may temper hopes for aggressive buybacks or special dividends until the working-capital cycle unwinds.

Markets are closely watching diplomatic maneuvers as they are expected to shape future trades. President Donald Trump stated Monday that Iran “would like to make a deal very badly,” while Vice President JD Vance emphasized that next steps rest with Tehran following inconclusive weekend talks.

Reuters reported potential resumption of discussions in Islamabad as soon as this week. On the operational front, the U.S. implemented a blockade of Iranian ports and the Strait of Hormuz beginning Monday, aiming to squeeze Tehran’s oil revenue while keeping lanes open for non-Iranian traffic. Trump described the dual objective as forcing both reopening of the strait and broader negotiations—“both of those things, certainly, and more.”

Any swift resolution would ease supply fears, but analysts caution that prolonged disruption could cascade through global markets. HSBC Holdings Chair Brendan Nelson, speaking at the HSBC Global Investment Summit in Hong Kong, stressed that a Middle East peace deal is “essential” to restore substantial energy flows.

But as long as uncertainty lingers, energy prices will stay elevated, feeding into broader inflation risks and tighter financial conditions. Nelson urged caution on current growth, trade, and inflation forecasts, noting that indirect effects from higher energy costs, felt across transport, manufacturing, and consumer prices, will intensify the longer the situation persists.

“The longer the disruption continues, the more the indirect effects from higher energy costs will lift inflation and depress growth,” Nelson said.

He anticipates interest rates remaining on hold across the U.S., Europe, and Britain this year amid already elevated market rates.

However, the current environment presents a classic trade-off for BP and its peers: near-term trading and refining margin gains against longer-term risks of demand destruction, higher operating costs, and potential recessionary pressure if energy inflation bites too deeply.

BP’s production mix, particularly lagged pricing in the Gulf of America and UAE, means some realization benefits will flow through with delay, while gas marketing and trading is expected to deliver only an average performance.