HN

Comments (303)

• Menu

  mzajc
  There are now several comments that (incorrectly?) interpret the undercover mode as only hiding internal information. Excerpts from the actual prompt[0]: NEVER include in commit messages or PR descriptions: - The phrase "Claude Code" or any mention that you are an AI - Co-Authored-By lines or any other attribution BAD (never write these): - 1-shotted by claude-opus-4-6 - Generated with Claude Code - Co-Authored-By: Claude Opus 4.6 <…> This very much sounds like it does what it says on the tin, i.e. stays undercover and pretends to be a human. It's especially worrying that the prompt is explicitly written for contributions to public repositories.[0]: https://github.com/chatgptprojects/claude-code/blob/642c7f94...
• Menu

  blcknight
  My GitHub fork of anthropics/claude-code just got taken down with a DMCA notice lolIt did not have a copy of the leaked code...Anthropic thinking 1) they can unring this bell, and 2) removing forks from people who have contributed (well, what little you can contribute to their repo), is ridiculous.---DMCA: https://github.com/github/dmca/blob/master/2026/03/2026-03-3...GitHub's note at the top says: "Note: Because the reported network that contained the allegedly infringing content was larger than one hundred (100) repositories, and the submitter alleged that all or most of the forks were infringing to the same extent as the parent repository, GitHub processed the takedown notice against the entire network of 8.1K repositories, inclusive of the parent repository."
• Menu

  causal
  I'm amazed at how much of what my past employers would call trade secrets are just being shipped in the source. Including comments that just plainly state the whole business backstory of certain decisions. It's like they discarded all release harnesses and project tracking and just YOLO'd everything into the codebase itself.Edit: Everyone is responding "comments are good" and I can't tell if any of you actually read TFA or not> “BQ 2026-03-10: 1,279 sessions had 50+ consecutive failures (up to 3,272) in a single session, wasting ~250K API calls/day globally.”This is just revealing operational details the agent doesn't need to know to set `MAX_CONSECUTIVE_AUTOCOMPACT_FAILURES = 3`
• Menu

  preston-kwei
  I’m more curious how this impacts trust than anything else.In the span of basically a week, they accidentally leaked Mythos, and then now the entire codebase of CC. All while many people are complaining about their usage limits being consumed quickly.Individually, each issue is manageable (Because its exciting looking through leaked code). But together, it starts to feel like a pattern.At some point, I think the question becomes whether people are still comfortable trusting tools like this with their codebases, not just whether any single incident was a mistake.
• geoffbp
  “Some bullet points are gated on process.env.USER_TYPE === 'ant' — Anthropic employees get stricter/more honest instructions than external use”Interesting!
• Menu

  evil-olive
  > So I spent my morning reading through the HN comments and leaked source.> This was one of the first things people noticed in the HN thread.> The obvious concern, raised repeatedly in the HN thread> This was the most-discussed finding in the HN thread.> Several people in the HN thread flagged this> Some in the HN thread downplayed the leakwhen the original HN post is already at the top of the front page...why do we need a separate blogpost that just summarizes the comments?
• Menu

  peacebeard
  The name "Undercover mode" and the line `The phrase "Claude Code" or any mention that you are an AI` sound spooky, but after reading the source my first knee-jerk reaction wouldn't be "this is for pretending to be human" given that the file is largely about hiding Anthropic internal information such as code names. I encourage looking at the source itself in order to draw your conclusions, it's very short: https://github.com/alex000kim/claude-code/blob/main/src/util...
• Menu

  Reason077
  > "Anti-distillation: injecting fake tools to poison copycats"Plot twist: Chinese competitors end up developing real, useful versions of Claude's fake tools.
• Menu

  autocracy101
  I made a visual guide for this https://ccunpacked.dev
• artyom
  I'm still amazed that something as ubiquitous as "daemon mode" is still unreleased.- Claude Chat: built like it's 1995, put business logic in the button click() handler. Switch to something else in in the UI and a long running process hard stops. Very Visual Basic shovelware.- Claude Cowork: same but now we're smarter, if you change the current convo we don't stop the underlying long-running process. 21st century FTW!- Claude Code: like chat, but in the CLI- Claude Dispatch: an actual mobile client app, not the whole thing bundled together.- Daemon mode: proper long-running background process, still unreleased.
• Menu

  fatcullen
  The buddy feature the article mentions is planned for release tomorrow, as a sort of April Fools easter egg. It'll roll out gradually over the day for "sustained Twitter buzz" according to the source.The pet you get is generated based off your account UUID, but the algorithm is right there in the source, and it's deterministic, so you can check ahead of time. Threw together a little app to help, not to brag but I got a legendary ghost https://claudebuddychecker.netlify.app/
• imcritic
  Does this mean I can now self host Claude?
• Menu

  Aperocky
  It's completely baffling to me why a client that must run on third party environment is behind closed source.
• Menu

  girvo
  I'd really recommend putting a modicum of work into cleaning up obvious AI generated output. It's rude, otherwise, to the humans you're expecting to read this.
• Menu

  ripbozo
  I don't understand the part about undercover mode. How is this different from disabling claude attribution in commits (and optionally telling claude to act human?)On that note, this article is also pretty obviously AI-generated and it's unfortunate the author didn't clean it up.
• Menu

  simianwords
  > The multi-agent coordinator mode in coordinatorMode.ts is also worth a look. The whole orchestration algorithm is a prompt, not code.So much for langchain and langraph!! I mean if Anthropic themselves arent using it and using a prompt then what’s the big deal about langchain
• Menu

  ChicagoDave
  Meanwhile Claude Code is still awesome. I don’t see my self switching to OpenAI (seriously bad mgmt and possibly the first domino to fall if there is a correction) or Gemini (Google ethics cough cough).
• Menu

  layer8
  > Sometimes a regex is the right tool.I’d argue that in this case, it isn’t. Exhibit 1 (from the earlier thread): https://github.com/anthropics/claude-code/issues/22284. The user reports that this caused their account to be banned: https://news.ycombinator.com/item?id=47588970Maybe it would be okay as a first filtering step, before doing actual sentiment analysis on the matches. That would at least eliminate obvious false positives (but of course still do nothing about false negatives).
• Menu

  pixl97
  >Claude Code also uses Axios for HTTP.Interesting based on the other news that is out.
• Menu

  wg0
  I have yet to see such a company that's so insecure that they would keep their CLI closed source even when the secret sauce is in the model that they control already and is closed source.Not only that, wouldn't allow other CLIs to be used either.
• Menu

  stavros
  Can someone clarify how the signing can't be spoofed (or can it)? If we have the source, can't we just use the key to now sign requests from other clients and pretend they're coming from CC itself?
• tietjens
  This is very much AI written, right? The voice sounds like Claude.
• seanwilson
  Anyone else have CI checks that source map files are missing from the build folder? Another trick is to grep the build folder for several function/variable names that you expect to be minified away.
• Menu

  karim79
  We're about to reach AGI. One regex at a time...
• senfiaj
  > Frustration detection via regex (yes, regex)/\b(wtf|wth|ffs|omfg|shit(ty|tiest)?|dumbass|horrible|awful| piss(ed|ing)? off|piece of (shit|crap|junk)|what the (fuck|hell)| fucking? (broken|useless|terrible|awful|horrible)|fuck you| screw (this|you)|so frustrating|this sucks|damn it)\b/Personally, I'm generally polite even towards AI and even when frustrated. I simply point out the its mistakes instead of using emotional words.
• Menu

  simianwords
  > The obvious concern, raised repeatedly in the HN thread: this means AI-authored commits and PRs from Anthropic employees in open source projects will have no indication that an AI wrote them. It’s one thing to hide internal codenames. It’s another to have the AI actively pretend to be human.I don’t get it. What does this mean? I can use Claude code now without anyone knowing it is Claude code.
• Menu

  shreyssh
  The undercover mode is the part that should terrify everyone building with agents.
• stephbook
  Sounds like there's still a lot of value in Typescript (otherwise they could have open sourced.)Plus there's demand for skilled TS software devs that don't ship your company's roadmap using a js.map20,000 agents and none of them caught it...
• SquibblesRedux
  Can fully AI‑generated code be copyrightable? Is there evidence that the leaked code was AI-generated?
• mordae
  > “Do not rubber-stamp weak work” and “You must understand findings before directing follow-up work. Never hand off understanding to another worker.”:-D
• Menu

  olalonde
  I'm surprised that they don't just keep the various prompts, which are arguably their "secret sauce", hidden server side. Almost like their backend and frontend engineers don't talk to each other.
• msukkarieh
  Built a tool to ask questions on the Claude Code source code: https://askgithub.com/alex000kim/claude-code
• motbus3
  I am curious about these fake tools.They would either need to lie about consuming the tokens at one point to use in another so the token counting was precise.But that does not make sense because if someone counted the tokens by capturing the session it would certainly not match what was charged.Unless they would charge for the fake tools anyway so you never know they were there
• betimd
  that’s fun am having exploring this codebase with claude code, inception at its best
• Menu

  armanj
  > Anti-distillation: injecting fake tools to poison copycatsDoes this mean `huggingface.co/Jackrong/Qwen3.5-27B-Claude-4.6-Opus-Reasoning-Distilled` is unusable? Had anyone seen fake tool calls working with this model?
• viccis
  >This was the most-discussed finding in the HN thread. The general reaction: an LLM company using regexes for sentiment analysis is peak irony.>Is it ironic? Sure. Is it also probably faster and cheaper than running an LLM inference just to figure out if a user is swearing at the tool? Also yes. Sometimes a regex is the right tool.I'm reading an LLM written write up on an LLM tool that just summarizes HN comments.I'm so tired man, what the hell are we doing here.
• marcd35
  > 250,000 wasted API calls per dayHow much approximate savings would this actually be?
• gervwyk
  how sure are we this entire “accident” is not an aprils fools joke??Genius level AI marketing
• try-working
  They want "Made with Claude Code" on your PRs as a growth marketing strategy. They don't want it on their PRs, so it looks like they're doing something you're not capable of. Well, you are and they have no secret sauce.
• Menu

  seertaak
  The irony of an IP scraper on an absolutely breathtaking, epic scale getting its secret sauce "scraped" - because the whole app is vibe coded (and the vibe coders appear to be oblivious to things like code obfuscation cuz move fast!)...And so now the copy cats can ofc claim this is totally not a copy at all, it's actually Opus. No license violation, no siree!It's fucking hilarious is what it is, it's just too much.
• Menu

  zingar
  I wrote this an hour ago and it seems that Claude might not understand it as frustration:> change the code!!!! The previous comment was NOT ABOUT THE DESCRIPTION!!!!!!! Add to the {implementation}!!!!! This IS controlled BY CODE. *YOU* _MUST_ CHANGE THE CODE!!!!!!!!!!!
• Menu

  ptrl600
  Why didn't they open the source themselves? What's the point of all this secrecy anyway?
• Menu

  simianwords
  Guys I’m somewhat suspicious of all the leaks from Anthropic and think it may be intentional. Remember the leaked blog about Mythos?
• Menu

  amelius
  A few weeks ago I was using Opus and Sonnet in OpenCode. Is this not possible anymore?
• thomasgeelens
  Can somebody tell me what this means for the company?
• Menu

  chadd
  re: binary attestation: "Whether the server rejects that outright or just logs it is an open question"...what we did at Snap was just wait for 8-24 hours before acting on a signal, so as not to provide an oracle to attackers. Much harder to figure out what you did that caused the system to eventually block your account if it doesn't happen in real-time.(Snap's binary attestation is at least a decade ahead of this, fwiw)
• mmaunder
  Come on guys. Yet another article distilling the HN discussion in the original post, in the same order the comments appear in that discussion? Here's another since y'all love this stuff: https://venturebeat.com/technology/claude-codes-source-code-...
• saadn92
  The feature flag names alone are more revealing than the code. KAIROS, the anti-distillation flags, model codenames those are product strategy decisions that competitors can now plan around. You can refactor code in a week. You can't un-leak a roadmap.
• jsrozner
  "and i also wrote this using claude" -- can we just include that at this point?
• jrflowers
  I like that if they decide that your usage looks like distillation it just becomes useless, because there’s no way for the end user to distinguish between it just being sort of crappy or sabotaged intentionally. That’s a cool thing to pay for
• wrkxapp
  why claude bring back 4o u dumb fks
• anon
  undefined
• Menu

  dangus
  Something I’ve been thinking about, somewhat related but also tangential to this topic:The more code gets generated by AI, won’t that mean taking source code from a company becomes legal? Isn’t it true that works created with generative AI can’t be copyrighted?I wonder if large companies have throught of this risk. Once a company’s product source code reaches a certain percentage of AI generation it no longer has copyright. Any employee with access can just take it and sell it to someone else, legally, right?
• anon
  undefined
• barazany
  [dead]
• aplomb1026
  [dead]
• noritaka88
  [dead]
• calebjang
  [dead]
• Jaco07
  [dead]
• skrun_dev
  [dead]
• 68768-8790
  [dead]
• Menu

  OfirMarom
  Undercover mode is the most concerning part here tbh.