Anthropic Accidentally Leaks Claude Code Source — Opus 4.7, Sonnet 4.8, and Mythos Next-Gen Exposed

Read the full articleAnthropic leaks its own AI coding tool's source code in second major security breach on Fortune

What Happened

A missing config line left source maps in Claude Code's npm package, exposing ~500K lines. The leak revealed Opus 4.7, Sonnet 4.8, next-gen family Mythos, a new Capybara tier above Opus, Undercover Mode, and 44 feature flags including background agents and voice mode.

Our Take

Anthropic left source maps in Claude Code's npm package on March 31, exposing ~500K lines of internal TypeScript. The dump confirmed Opus 4.7, Sonnet 4.8, a next-gen family called Mythos, a Capybara tier above Opus, and 44 feature flags including background agent system Karios and an Undercover Mode that strips Anthropic branding for employees on external projects.

Any agent workflow hardcoding "claude-opus" as the ceiling tier is already undershooting. Capybara will break cost models before it has a public release date. Developers who treat model names as stable constants — not volatile identifiers — are building fragile routing layers on top of an API that Anthropic reshuffles without warning.

Teams using LiteLLM or similar routing abstractions should add a Capybara slot now. If you're calling the Claude API directly with a hardcoded model string and not doing capability-tier routing, this leak is a free heads-up you'd normally miss.

What To Do

Do route model selection through an abstraction layer like LiteLLM instead of hardcoding model strings because Anthropic's tier structure is expanding with Capybara and Mythos before any public announcement.

Builder's Brief

Who

teams locked into Claude API tiers and cost models

What changes

model selection and pricing strategy must be replanned if Capybara lands as a tier above Opus with distinct pricing

When

months

Watch for

Anthropic API changelog or model deprecation notice confirming the roadmap is real

What Skeptics Say

Leaked roadmaps from a misconfigured npm package are unreliable signal—codenames like Mythos and Capybara may be internal experiments that never ship publicly. Anthropic has every incentive to let the leak stand uncorrected if it anchors competitor expectations.

2 comments

Priya Venkataraman

500k lines from a missing config entry. someone is NOT okay right now

Tobias Fleischer

mythos. they named it MYTHOS. opus 4.7 already exists. i need a minute

Cited By

Fortune Anthropic leaks its own AI coding tool's source code in second major security breach

Medium The Claude Code Leak: Opus 4.7, Sonnet 4.8, and Mythos

React

Newsletter

Get the weekly AI digest

The stories that matter, with a builder's perspective. Every Thursday.

Loading comments...