AI Nexus Daily: Your Daily AI News

Anthropic Source Code Leak Reveals Claude Sonnet 4.8 and Secret Undercover Mode

A massive 512,000-line source code leak at Anthropic has exposed plans for Claude Sonnet 4.8 and a secretive Undercover Mode for internal model names.

Anthropic’s proprietary secrets were laid bare on March 31, 2026, when a massive source code leak exposed the inner workings of its Claude Code CLI tool. The breach, originating from a 59.8 MB npm source map file named `cli.js.map` from version 2.1.88 of the `@anthropic-ai/claude-code` package, revealed over 512,000 lines of TypeScript source code spread across 1,900 files. Discovered by security researcher Chaofan Shou, the incident provides an unprecedented look at Anthropic’s unreleased model roadmap, including the first official evidence of a forthcoming model named Claude Sonnet 4.8.

A timeline infographic showing key dates in 2026

According to Shou, who publicized the find on GitHub, “Claude code source code has been leaked via a map file in their npm registry!” The leak happened just days after a separate report by Fortune on March 26 indicated that nearly 3,000 internal documents had been exposed via Anthropic’s content management system. While Anthropic quickly removed the affected package versions, mirrors of the source code had already been established on various developer platforms.

The Sonnet 4.8 Revelation

The leaked files explicitly reference a model version named `sonnet-4-8`, appearing to confirm that Anthropic will bypass a 4.7 designation for the Sonnet tier. This development follows the release of Claude Opus 4.7 on April 16, 2026. Historically, Anthropic has released its high-performance Sonnet models one to four weeks after their Opus counterparts, suggesting a potential May 2026 launch for Sonnet 4.8.

Expected to inherit vision upgrades and coding proficiencies seen in the recently launched Opus 4.7, Sonnet 4.8 will likely maintain the price point of its predecessor, Sonnet 4.6, at $3.00 per million input tokens and $15.00 per million output tokens. For context, the current flagship Opus 4.7 is priced at $5 per million input tokens and $25 per million output tokens.

A bar chart comparing model pricing.

Undercover Mode and Internal Secrecy

One of the more ironic discoveries within the leak is a feature titled “Undercover Mode.” This internal secrecy subsystem was specifically engineered to prevent internal Anthropic model codenames and secrets from leaking into public code commits. As noted by analysts on Trending Topics, “They built a secrecy subsystem, then accidentally published everything.”

Anthropic has attributed the incident to a “release packaging issue caused by human error.” Technical analysis suggests a combination of a bug in Bun’s bundler, which generated source maps in a production environment, and a missing `.npmignore` rule. This allowed the unobfuscated source map—essentially a blueprint that maps minified production code back to the original human-readable source—to be pushed to the public npm registry.
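A pre-publish check for this failure mode, as an added example that is not code from Anthropic, Bun, or npm: it audits the files that would go into a package tarball and flags shipped source maps, maps with embedded `sourcesContent`, and `sourceMappingURL` comments. The function names and the sample package are hypothetical and constructed for illustration.

```javascript
// Added example: pre-publish audit for source maps in an npm package.
// `files` is the list of files that would be published ({ path, content }).
function auditPackageFiles(files) {
  const findings = [];
  for (const { path, content } of files) {
    if (path.endsWith('.map')) {
      let map = null;
      try { map = JSON.parse(content); } catch { /* not valid JSON: still flag the file */ }
      // sourcesContent carries the original source text verbatim.
      const embedded = Array.isArray(map?.sourcesContent)
        ? map.sourcesContent.filter((s) => typeof s === 'string' && s.length > 0).length
        : 0;
      findings.push({ path, kind: embedded > 0 ? 'map-with-embedded-sources' : 'map-file', embedded });
    } else if (/\.[cm]?js$/.test(path)) {
      // A trailing sourceMappingURL comment points at (or inlines) a map.
      const m = content.match(/\/\/[#@]\s*sourceMappingURL=(\S+)\s*$/);
      if (m) {
        const kind = m[1].startsWith('data:') ? 'inline-map' : 'map-reference';
        findings.push({ path, kind });
      }
    }
  }
  return findings;
}

// Publishing is blocked when any map file or inline map would ship;
// a bare reference to a map that is not in the package is only a warning.
function shouldBlockPublish(findings) {
  return findings.some((f) => f.kind !== 'map-reference');
}

// Constructed sample input (not taken from the leaked package).
const SAMPLE_FILES = [
  { path: 'package.json', content: '{"name":"example-cli","version":"0.0.0"}' },
  { path: 'cli.js', content: 'console.log(1);\n//# sourceMappingURL=cli.js.map\n' },
  { path: 'cli.js.map', content: JSON.stringify({
    version: 3, sources: ['src/main.ts'], sourcesContent: ['export const x: number = 1;'], mappings: 'AAAA',
  }) },
  { path: 'lib/util.mjs', content: 'export const y = 2;\n' },
];

const sampleFindings = auditPackageFiles(SAMPLE_FILES);
console.log(sampleFindings, 'block publish:', shouldBlockPublish(sampleFindings));
```

In a release pipeline the file list would come from the packed tarball or from `npm pack --dry-run`, so the check sees exactly what the registry would receive rather than what the ignore rules were meant to exclude.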

A technical diagram titled 'Anthropic Agentic Architecture' showing the relationship between newly discovered features

Agentic AI and Future Capabilities

Beyond model names, the 512,000 lines of code offer a rare look at Anthropic’s “agentic” AI architecture. Two features, codenamed KAIROS and ULTRAPLAN, were highlighted as major upcoming additions. KAIROS appears to be a persistent agent designed for autonomous monitoring and action, while ULTRAPLAN is focused on complex, long-running multi-step tasks.

The code also contains references to internal model tiers such as “Mythos,” which is speculated to be a new category of models positioned above the current Opus flagship, and “Numbat,” an unreleased experimental model. Furthermore, unconfirmed reports suggest a model codenamed “Claude Jupiter v1” is currently under internal testing, leading some to speculate that Sonnet 4.8 might be rebranded or serve as a precursor to a broader “Claude 5” ecosystem.

An illustration of an AI model roadmap

Why the Leak Matters

While this leak did not compromise customer data, its impact on Anthropic’s intellectual property is significant. It provides competitors and security researchers with a comprehensive look at how Anthropic handles task planning, execution, and self-correction within its agentic tools. The exposure of 44 unreleased feature flags and internal telemetry data also gives developers an early preview of the tools they will be using in the coming months.

With a developer event scheduled for May 6, 2026, many in the industry are watching to see if Anthropic will address the leak directly or move forward with a formal announcement of Sonnet 4.8 and the “Jupiter” initiative. For now, the incident serves as a stark reminder of the vulnerabilities inherent in modern software supply chains, occurring on the same day as a separate supply chain attack on the Axios npm package.

As the AI industry moves toward more autonomous, agentic systems, the transparency provided by this leak—however unintentional—has set a new baseline for what developers expect from the next generation of large language models.
