this post was submitted on 31 Mar 2026
451 points (99.8% liked)

Technology

83304 readers
3469 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots


founded 2 years ago
MODERATORS
top 50 comments
sorted by: hot top controversial new old
[–] Wooki@lemmy.world 13 points 19 hours ago (1 children)

Best part of the leak, they use regex matches for sentiment lol

[–] hactar42@lemmy.ml 8 points 18 hours ago (2 children)

I think I saw one of the keywords was dumbass. And another looked for you calling it a piece of shit

[–] smeenz@lemmy.nz 5 points 18 hours ago* (last edited 18 hours ago) (1 children)

Something in a song on my car radio triggered my phone to wake google yesterday and I casually told it to fuck off, and it replied "I'm sorry you're upset. You can send feedback"

[–] partofthevoice@lemmy.zip 1 points 16 hours ago

Adversarial audio, but just occurring by chance? Wild stuff. I was just looking into how to do that.

[–] Buddahriffic@lemmy.world 4 points 18 hours ago

Lmao, so the LLM framework falls back to similar shit to what ALICE used?

[–] Dentzy@sh.itjust.works 14 points 1 day ago

I was like "Ha, ha, nice April Fools'"... Then I keep reading the comments and... WTF‽

[–] UnderpantsWeevil@lemmy.world 1 points 16 hours ago

Actual project knowledge is distributed across "topic files" fetched on-demand, while raw transcripts are never fully read back into the context, but merely "grep’d" for specific identifiers.

Consistent with a lot of bugs and goofs I've heard people in long-running instances of Claude will encounter.

[–] captcha_incorrect@lemmy.world 18 points 1 day ago
[–] Fmstrat@lemmy.world 18 points 1 day ago

At its core is MEMORY.md, a lightweight index of pointers (~150 characters per line) that is perpetually loaded into the context. This index does not store data; it stores locations.

Actual project knowledge is distributed across "topic files" fetched on-demand, while raw transcripts are never fully read back into the context, but merely "grep’d" for specific identifiers.

This "Strict Write Discipline"—where the agent must update its index only after a successful file write—prevents the model from polluting its context with failed attempts.

For competitors, the "blueprint" is clear: build a skeptical memory. The code confirms that Anthropic’s agents are instructed to treat their own memory as a "hint," requiring the model to verify facts against the actual codebase before proceeding.

Interesting to see if continue.dev takes advantage of this methodology. My only complaint has been context with it.

[–] Encephalotrocity@feddit.online 299 points 1 day ago (16 children)

Perhaps the most discussed technical detail is the "Undercover Mode." This feature reveals that Anthropic uses Claude Code for "stealth" contributions to public open-source repositories.

The system prompt discovered in the leak explicitly warns the model: "You are operating UNDERCOVER... Your commit messages... MUST NOT contain ANY Anthropic-internal information. Do not blow your cover."

Laws should have been put in place years ago to make it so that AI usage needs to be explicitly declared.

[–] UnderpantsWeevil@lemmy.world 1 points 16 hours ago

Laws written by whom?

Legislators were gobbled up by tech lobbyists back under Bush/Obama. Nobody was going to pitch legislation that ran afoul of trillion dollar rampaging corporate behemoths.

[–] merc@sh.itjust.works 122 points 1 day ago (1 children)

The system prompt discovered in the leak explicitly warns the model: "You are operating UNDERCOVER... Your commit messages... MUST NOT contain ANY Anthropic-internal information. Do not blow your cover."

This is so incredibly stupid.

You've tried security.

You've tried security through obscurity.

Now try security through giving instructions to an LLM via a system prompt to not blow its cover.

[–] a4ng3l@lemmy.world 14 points 1 day ago

In Europe we have the AI act which, as of August, will introduce some form of transparency obligations. Not perfect obviously but a start. Probably will not be followed by the rest of the world though so like GDPR it will be forcibly eroded by others' interests through lobbying but at least we try.

[–] pemptago@lemmy.ml 9 points 1 day ago

Haven't read the article and have a limited knowledge of ai, but I wonder if they do this for reinforcement learning: So OSS PR responses can be used to label different weights and models. Using even more free labor to train their models.

[–] JohnEdwa@sopuli.xyz 8 points 1 day ago (1 children)

With how massive of a computer science field artificial intelligence is and how much of it already is or is getting added to every piece of software that exists, a label like that would be equally useless as the California prop 65 cancer warnings.

Do you use a mobile keyboard that supports swipe typing and has autocorrect? Remember to mark everything you write as being AI assisted.

[–] mrbutterscotch@feddit.org 4 points 1 day ago

Well yes, if you let autocorrect write a code contribution, I think you should label that contribution as AI.

[–] CorrectAlias@piefed.blahaj.zone 87 points 1 day ago (3 children)

Be careful not to introduce security vulnerabilities such as command injection, XSS, SQL injection, and other OWASP top 10 vulnerabilities. If you notice that you wrote insecure code, immediately fix it.

Lmao. I'm sure that will solve the problem of it writing insecure slop code.

[–] raspberriesareyummy@lemmy.world 4 points 18 hours ago

That sounds like it was written by some dumbass vibe-coder who actually believes their LLM is "smart".

[–] _stranger_@lemmy.world 10 points 1 day ago

Sounds exactly like half the managers I've ever worked with.

[–] filcuk@lemmy.zip 34 points 1 day ago (2 children)

It doesn't fix it, but as stupid as it looks, it should actually improve the chances.
If you've seen how the reasoning works, they basically spit out some garbage, then read it again and think whether it's garbage enough or not.
They do try to 'correct their errors', so to say.

[–] merc@sh.itjust.works 2 points 20 hours ago

It will slightly improve the chances. But, is that enough?

Imagine you had an intern working with you on a project. They didn't know anything about SQL injection, cross site scripting, etc. You probably wouldn't give them a task where that was a concern. If you did, you'd watch them like a hawk. Because they're an intern, the amount of code they'd produce would probably be pretty low, and it would be pretty low-quality overall, so it would be easy to spot mistakes that would lead to these kinds of vulnerabilities.

An LLM has the understanding of the problem space that an intern does, but produces vast amounts of code extremely quickly. That code is designed to "blend in", i.e. it's specifically trained to look like good code, whether it is or not. Because of "vibe coding", people trust it to do all kinds of things, including implement bits where there's a danger of XSS or SQL injection. And the way Claude Code ensures it doesn't generate those vulnerabilities is... someone says "hey, don't do that, ok?"

Having that statement in there is better than not having it. But, it's just a reminder that these things aren't appropriate for writing production code. They don't actually understand what XSS or SQL injection are, and they can't learn. They don't know why it's important. They don't have a technique for checking if their code actually has those vulnerabilities, other than passing it to themselves recursively and asking that other version of themselves to generate some text that might flag if those vulnerabilities were spotted. But, AIs are famously sycophantic so even recursively using itself, it will generate text to "please" itself and probably write something like "your code is great and I can't spot any vulnerabilities at all! Congratulations! [Emoji] [Emoji] [Emoji]"
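
The quoted system-prompt line ("Be careful not to introduce ... command injection, XSS, SQL injection") and the point made in the comment above that the model has no technique for checking its own output, as an added example. This is not code from the leak: it puts the vulnerable and hardened form of two of those bug classes side by side and runs a mechanical scanner over them, which is the kind of check a reviewer can run regardless of what the prompt said. The scanner's rule names and regexes are my own and are a heuristic, not a proof of safety.

```javascript
// Added example, not from the leaked code: what the quoted instruction is
// asking for, next to a mechanical check that actually looks at the output.
// The vulnerable/hardened pairs and the scanner's regexes are my own
// illustrations; the scanner is a heuristic, not a proof of safety.

// Vulnerable: the value is spliced into SQL text.
function findUserUnsafe(db, username) {
  return db.query(`SELECT * FROM users WHERE name = '${username}'`);
}
// Hardened: the value travels as a bound parameter, never as SQL text.
function findUserSafe(db, username) {
  return db.query("SELECT * FROM users WHERE name = $1", [username]);
}
// Vulnerable: a shell command assembled from input.
function pingUnsafe(exec, host) {
  return exec("ping -c 1 " + host);
}
// Hardened: no shell, argv passed as an array (execFile semantics).
function pingSafe(execFile, host) {
  return execFile("ping", ["-c", "1", host]);
}

// Line-oriented rules (assumed names): flag query()/exec()-style calls whose
// first argument is a template literal with ${...} or a concatenated string.
// They miss multi-line calls and can flag safe code; hits are review prompts.
const RULES = [
  { id: "sqli-template", re: /\.(query|execute|raw)\(\s*`[^`]*\$\{/ },
  { id: "sqli-concat",   re: /\.(query|execute|raw)\(\s*["'][^"']*["']\s*\+/ },
  { id: "cmdi-template", re: /\b(exec|execSync)\(\s*`[^`]*\$\{/ },
  { id: "cmdi-concat",   re: /\b(exec|execSync)\(\s*["'][^"']*["']\s*\+/ },
];

function scanSource(src) {
  const findings = [];
  src.split("\n").forEach((line, i) => {
    for (const rule of RULES) {
      if (rule.re.test(line)) findings.push({ line: i + 1, rule: rule.id, text: line.trim() });
    }
  });
  return findings;
}

// Show both halves: what an injected value does to each form, and whether the
// scanner catches the unsafe forms when run over the functions' own source.
function demo() {
  const fakeDb = { query: (sql, params) => ({ sql, params }) }; // records what would reach the DB
  const injected = "' OR '1'='1";
  const unsafe = findUserUnsafe(fakeDb, injected);
  const safe = findUserSafe(fakeDb, injected);
  const src = [findUserUnsafe, findUserSafe, pingUnsafe, pingSafe].map((f) => f.toString()).join("\n");
  return { unsafe, safe, findings: scanSource(src) };
}
```

With the classic `' OR '1'='1` payload the unsafe form hands the database a query whose WHERE clause is always true, while the safe form hands it the unchanged SQL plus the payload as a parameter; the scanner flags exactly the two unsafe functions. A scanner this crude is still more than a sentence in a system prompt, because it inspects the code instead of the model's opinion of the code.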

[–] underisk@lemmy.ml 11 points 1 day ago (2 children)

That’s not enabled by default afaik and it burns through way more tokens looping its output through several times. It also adds a bunch more context which will bring you that much closer to context collapse.

I didn't turn it on, and I see it doing it all the time. In my case though the mistakes are often absurd. I often feel like claude is a very junior programmer that has a hard time remembering the original requirements.

[–] fuzzzerd@programming.dev 6 points 1 day ago

While true, the latest opus model has 1m token context. Which is a lot more than the previous 200k limit. Hard to fill that up with regular work, but easy if you try to oneshot a whole product.

[–] WhyJiffie@sh.itjust.works 20 points 1 day ago (1 children)

In this mode, the agent performs "memory consolidation" while the user is idle. The autoDream logic merges disparate observations, removes logical contradictions, and converts vague insights into absolute facts.

this blog post reads like a marketing piece

[–] nightlily@leminal.space 8 points 19 hours ago

Pretty sure it’s a bad LLM „analysis“ of the code. It has that flavour to it.

[–] rimu@piefed.social 118 points 1 day ago* (last edited 1 day ago) (2 children)

If you installed or updated Claude Code via npm on March 31, 2026, between 00:21 and 03:29 UTC, you may have inadvertently pulled in a malicious version of axios (1.14.1 or 0.30.4) that contains a Remote Access Trojan (RAT). You should immediately search your project lockfiles (package-lock.json, yarn.lock, or bun.lockb) for these specific versions or the dependency plain-crypto-js. If found, treat the host machine as fully compromised, rotate all secrets, and perform a clean OS reinstallation.

Lol 😂
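
The lockfile check that the quoted advisory tells you to run, written out as an added example (my script, not the advisory's or Anthropic's). The indicators are the ones the quoted text names: axios 1.14.1 and 0.30.4, and any dependency on plain-crypto-js. That list may be incomplete, so a clean result here does not prove a clean host. The advisory also mentions bun.lockb, which is binary and is not parsed here; the sample lockfiles in the block are constructed, not taken from a real project.

```javascript
// Added example, mine rather than the advisory's: the lockfile check the
// quoted text tells you to run, as a script. Indicators are copied from that
// text and may be incomplete; a clean result here does not prove a clean host.
const IOC_VERSIONS = { axios: new Set(["1.14.1", "0.30.4"]) };
const IOC_PACKAGES = new Set(["plain-crypto-js"]);

function check(name, version, where, hits) {
  if (IOC_PACKAGES.has(name)) hits.push({ where, name, version, why: "IOC package present" });
  if (IOC_VERSIONS[name] && IOC_VERSIONS[name].has(version)) {
    hits.push({ where, name, version, why: "known malicious version" });
  }
}

// package-lock.json, lockfileVersion 2/3: "packages" maps install paths such as
// "node_modules/axios" to { version, dependencies }. v1 nests under "dependencies".
function scanPackageLock(json) {
  const lock = JSON.parse(json);
  const hits = [];
  for (const [p, meta] of Object.entries(lock.packages || {})) {
    if (!p) continue; // "" is the root project
    const name = p.split("node_modules/").pop(); // last segment handles nested installs
    check(name, meta.version, p, hits);
    for (const [dep, range] of Object.entries(meta.dependencies || {})) {
      if (IOC_PACKAGES.has(dep)) hits.push({ where: p, name: dep, version: range, why: "depends on IOC package" });
    }
  }
  (function walkV1(deps, prefix) {
    for (const [name, meta] of Object.entries(deps)) {
      const where = prefix + "node_modules/" + name;
      check(name, meta.version, where, hits);
      walkV1(meta.dependencies || {}, where + "/");
    }
  })(lock.dependencies || {}, "");
  return hits;
}

// yarn.lock v1: a 0-indent header like `"axios@^1.14.0":`, a 2-indent
// `version "..."` line, and optional 4-indent lines under `dependencies:`.
// bun.lockb is binary and is not handled by this text parser.
function scanYarnLock(text) {
  const hits = [];
  let current = null; // package name of the entry being read
  let inDeps = false;
  for (const raw of text.split("\n")) {
    const line = raw.replace(/\r$/, "");
    if (line.trim() === "" || line.startsWith("#")) continue;
    const indent = line.length - line.trimStart().length;
    if (indent === 0) {
      const spec = line.replace(/:\s*$/, "").split(",")[0].replace(/"/g, "").trim();
      current = spec.slice(0, spec.lastIndexOf("@")); // works for @scope/name@range too
      inDeps = false;
    } else if (indent === 2) {
      const m = line.match(/^ {2}version "([^"]+)"/);
      if (m && current) check(current, m[1], current, hits);
      inDeps = /^ {2}dependencies:/.test(line);
    } else if (inDeps) {
      const [dep, range] = line.trim().replace(/"/g, "").split(/\s+/);
      if (IOC_PACKAGES.has(dep)) hits.push({ where: current, name: dep, version: range, why: "depends on IOC package" });
    }
  }
  return hits;
}

// Constructed sample lockfiles (not taken from any real project).
const SAMPLE_PACKAGE_LOCK = `{
  "name": "demo", "lockfileVersion": 3,
  "packages": {
    "": { "name": "demo", "dependencies": { "axios": "^1.14.0" } },
    "node_modules/axios": { "version": "1.14.1",
      "dependencies": { "follow-redirects": "^1.15.0", "plain-crypto-js": "^1.0.0" } },
    "node_modules/follow-redirects": { "version": "1.15.6" },
    "node_modules/plain-crypto-js": { "version": "1.0.0" }
  }
}`;
const CLEAN_PACKAGE_LOCK = `{
  "name": "demo", "lockfileVersion": 3,
  "packages": { "": { "name": "demo" }, "node_modules/axios": { "version": "1.13.0" } }
}`;
const SAMPLE_YARN_LOCK = `# yarn lockfile v1

"axios@^1.14.0":
  version "1.14.1"
  dependencies:
    follow-redirects "^1.15.0"
    plain-crypto-js "^1.0.0"

follow-redirects@^1.15.0:
  version "1.15.6"

plain-crypto-js@^1.0.0:
  version "1.0.0"
`;
```

To use it on a real project, read the lockfile with `fs.readFileSync` and pass the text to the matching scanner; any hit means the advisory's next step applies (treat the host as compromised and rotate secrets), and the absence of hits means only that these particular indicators were not found.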

[–] ellen.kimble@piefed.social 18 points 1 day ago (2 children)

This is because of an unrelated hack on npm's latest build. Anyone with this version of npm is affected

[–] raspberriesareyummy@lemmy.world 1 points 18 hours ago

This just keeps happening with npm, from the news I've read. Almost like npm devs are not qualified to maintain code.

[–] criss_cross@lemmy.world 8 points 1 day ago

That axios supply chain attack was a bitch. There were extensions compromised from that shit.

[–] lmr0x61@lemmy.ml 70 points 1 day ago (2 children)

Normally, I’d be reading about NPM security breaches and AI security breaches separately, but now I can get them in the same article! Truly amazing how technology has progressed.

[–] raspberriesareyummy@lemmy.world 1 points 18 hours ago

Haha. Great summary.

[–] spez@sh.itjust.works 30 points 1 day ago* (last edited 10 hours ago) (7 children)

I mean it's not that big a deal. However, it would be another thing if the model itself leaked. Now that would be something.

edit: Like I thought, it turns out to be a TS wrapper with more internal prompts. The fireship video is really funny, they use regex to detect if the user is angry 😭

[–] NocturnalMorning@lemmy.world 20 points 1 day ago (4 children)

By 4:23 am ET, Chaofan Shou (@Fried_rice), an intern at Solayer Labs, broadcasted the discovery on X (formerly Twitter).

Ha, by an intern

[–] djmikeale@feddit.dk 7 points 1 day ago

Nice. One of the ways to write Chaofan in Chinese is 炒饭, which means fried rice. Amazing to be able to get that Twitter handle

[–] itisileclerk@lemmy.world 9 points 1 day ago

The best learning method is from your own mistakes. So, Claude is still learning.

[–] pelespirit@sh.itjust.works 21 points 1 day ago* (last edited 1 day ago) (1 children)

Like a healthy brain. And just like a healthy brain, it'll still hallucinate and make mistakes probably:

The leaked source reveals a sophisticated, three-layer memory architecture that moves away from traditional "store-everything" retrieval.

As analyzed by developers like @himanshustwts, the architecture utilizes a "Self-Healing Memory" system.

[–] Semi_Hemi_Demigod@lemmy.world 19 points 1 day ago (4 children)

We’re gonna make AGI and realize that being stupid sometimes and making mistakes is integral to general intelligence.

[–] OhVenus_Baby@lemmy.ml 2 points 1 day ago

Vote people. There's town and city votes everyday or often. Vote!
