又一桩Anthropic泄露事件……这次是Claude Code的源代码

今天早上，一位安全研究员在X平台上发布了一个链接，几小时内就获得了三百万次浏览，数百万份副本被备份到GitHub的各个角落。

This morning, a security researcher posted a single link on X and within hours it had 3,000,000 views and had millions of copies backed up all across GitHub.

到了下午，也就是我们录制本集的时候，Anthropic正在紧急删除他们NPM包的旧版本，但为时已晚。

By the afternoon, when we're recording this episode, Anthropic is scrambling to delete old versions of their NPM package, but it was too late.

泄露的内容是Claude的全部源代码。

What leaked was the entire source code of Claude code.

每一行、512行TypeScript代码、1900个文件、每一个工具、每一个权限系统、每一个内部代号都被泄露了，原因仅仅是有人忘记从一个公共包中排除一个调试文件。

Every single line five twelve lines of TypeScript, 1,900 files, every tool, every permission system, every internal code name was leaked, all because someone forgot to include a single debugging file from a public package.

单是这个故事就已经足够重大，但更让人震惊的是人们在代码中发现的隐藏内容。

And that story alone would be a major story, but what makes this even more crazy is what people found buried inside the code.

我们现在掌握了Anthropic和Claude团队未来所有功能的详细信息，以及他们并不希望我们知晓的所有秘密。

And now we have information about every feature that's coming down the pipeline, as well as all of the secrets that Anthropic and Claude team didn't necessarily want us to know.

这是一次非常严重的泄露。

This is a really big leak.

我简直不敢相信这种事情会发生。

I can't believe this happened.

我的意思是，说是个大泄露只是其中一种说法。

I mean, big leak is one way to describe it.

这对Anthropic的安全团队来说简直是灾难。

Absolutely terrible for the Anthropic security team as.

这太残酷了。

Oh, is brutal.

但不管怎样，

But anyway,

这是Anthropic在最近五天内发生的第二次泄露。

this is the second leak that Anthropic has made in the last five days.

他们每天都在发布新产品，但似乎每次都把整个路线图泄露了。

So they're shipping our new product every single day, but they all seem to be leaking their entire roadmap.

我们现在知道了未来几个月——或者说，对Anthropic的Claude代码而言，未来几周内将发布的44个产品更新。

We now know what the next 44 product releases are gonna be over the next couple of months or rather in a couple of weeks for Anthropic right now for Claude code specifically.

正如你提到的，五十万行代码，一万九千个文件，再加上一堆已经开发完成的新功能发布。

As you mentioned, half a million lines of code, 19,000 files, add a bunch of different feature releases, which by the way, have already been built.

所以他们只需要点击一下发布按钮。

So they just need to click the launch button.

我们掌握了所有细节，接下来就要深入探讨。

We have all the details and we're gonna get into it.

但在那之前，我们需要说明一下这件事是如何发生的，因为‘泄露’只是对这件事的一种说法，但实际上并不是Anthropic的内部员工泄露了这些文件或源代码。

But before we do that, we need to kind of describe how this happened because leak is one way to describe this, but it wasn't an internal employee at Anthropic leaking these files or this source code.

这些内容是公开可访问的。

This was publicly available.

让我再重复一遍。

Let me repeat that.

这些代码在Claude Code的最新版本中是公开可访问的。

This code was publicly available in the latest update of Claude code.

Anthropic内部有人误将一个.dotmap.js文件留在了系统中，而该文件是公开可访问的。

Someone within Anthropic had mistakenly left a file, a dot map JS file in the system that was publicly accessible.

有人发现了它。

Someone found it.

而最初曝光这段源代码的帖子已被超过一千万人浏览。

And now that original post that exposed this source code has been seen by over 10,000,000 people.

我们录制这段内容时，距离帖子发布才过去三个小时，但已经被 fork 了五千多次。

And it's only been three hours since it got posted as we're recording this, and it's been forked over 5,000 times.

这基本上就是 Claude Code 的完整蓝图、整体架构、内存设置方式以及模型运行机制，全部公开供任何人使用。

So this is basically Claude Code's entire blueprint, entire architecture, way that its memory is set up, the way that the model works, released for anyone and everyone to use.

已经有很多人开始使用它了。

And a bunch of people have already been using it.

人们已经接入了不同的模型，创建了他们自己的 CloudCode 版本。

People have plugged in different models, created their own versions of CloudCode.

这简直太疯狂了。

It is just insane.

乔什，你今天早上也 fork 了它，对吧？

Josh, even you forked it this morning, right?

这太惊人了。

It's amazing.

是的。

Yeah.

为了澄清一下，CloudCode 是 Anthropic 的命令行工具。

And so just to clarify, CloudCode is Anthropic's command line tool.

这并不是完整的 Claude 桌面应用程序，而是一个让开发者能够在终端中直接与 CloudCode 交互的工具，功能非常强大。

This isn't the full Claude desktop application, but it's a tool that lets developers talk directly to CloudCode in their terminal, and it's very powerful software.

那么到底发生了什么？

So what happened?

正如你提到的，这与我们昨天节目中讨论的关于新 Mythos 模型的泄露事件模式一致——他们实际上是自己发布了这段代码。

Like you mentioned, and this matches the pattern of the previous leak that we covered in yesterday's episode about the new Mythos model, is that they actually just issued the code themselves.

这段代码直接公开可用。

It was just available publicly.

问题是，当他们发布这个 co code 时，其中包含一个 NPM 包，里面有一个 .map 文件，这个文件指向了完整的源代码。

And the problem is because when they publish this co code, there's an NPM package containing this, like, dot map file, and it's a source file that references the complete source code.

而这些源代码可以直接从 Anthropic 自己的云存储桶中以 zip 文件下载。

And that source was directly downloadable as a zip file from Anthropic's own cloud storage bucket.

你直接去了Anthropic。

You just went to Anthropic.

你对他们说：您好，先生。

You asked them, hello, sir.

我能要一下那个告诉我所有这些引用位置的map文件吗？

Can I please have the map file that tells me where all of these references go to?

他们就把文件发给你了。

And they delivered it to you.

讽刺的是，Anthropic专门构建了一个名为潜行模式的子系统，旨在防止内部信息泄露，比如删除模型名称和项目名称，但他们却因为构建配置的疏忽而泄露了所有内容。

And the irony here is that Anthropic built an entire subsystem called undercover mode specifically designed to prevent internal information from leaking, and it does things like strip the model code names and the project names, and then went ahead and leaked everything through a build configuration oversight.

这真的可以说是红色警报了。

And it's really gotta be code red.

如果你现在是Anthropic的一名开发者，醒来后发现这件事，这一定是个极其艰难的早晨。

If you're waking up at Anthropic right now as a developer, this must be a really brutal morning for you.

最讽刺的是，你刚刚提到的潜行模式，其目的正是为了隐藏这一切。

The funniest part is the undercover mode that you just mentioned was literally meant to obscure all of this.

而且他们将它公之于众，这意味着任何获得访问权限的人都可以完全逆向工程整个系统。

And the fact that they exposed it publicly means that whoever got access to it could just reverse engineer the entire thing.

假设你给Anthropic的新模型起了一个代号，你可以通过逆向工程这个文件来找到模型的原始名称及其工作原理。

So let's say you gave Anthropic's new model a code name, you could reverse engineer the file to find the original name of the model and how it works.

这到目前为止是Anthropic最大的一次失误。

It's just been the craziest mess up in Anthropic so far.

那么现在让我们进入正题。

So now let's get into the good stuff.

这就是即将推出的内容。

This is what's coming down the pipeline.

如果你是Claude Code或Anthropic产品的用户，我们现在有了一份完全未发布的路线图，以纯文本形式提供，可以逐一讲解。

If you are a user of Claude code or Anthropic products in general, we have the totally unreleased roadmap now in plain text available to walk through.

我想我们现在就来做这件事。

And I think that's what we're gonna do right now.

Ejaaz，你有一个由Claude Code自己生成的精美文件，可以带我们了解这些即将登陆我们日常使用的核心产品的新功能。

Ejaaz, you have this nice little artifact generated by Claude Code itself to walk us through all of these new features that are coming to one of our favorite products that we use every day.

所以，请说说这些泄露的内容吧。

So please, let's hear the leaks.

让泄露的内容尽情流出吧。

Let the let the leaks flow.

我们来看看。

Let's see.

感谢Claude Colette为你自己创造了 demise，并为本集制作了如此精美的可视化作品。

Thank you, Claude Colette for creating your own demise and a beautifully visual artifact for this episode.

非常感谢。

Thank you very much.

所以，在这一页的开头或顶部写着，有44个此前从未为人所知的产品发布。

So at the start of this, or at the top of this page, it says there were 44 product releases that people had never heard of before.

因此，你接下来要听到的所有内容都是全新的，但其中有20个特定的产品发布引起了人们的关注。

So everything you're about to hear right now is new, but there were 20 specific product releases that caught people's attentions.

我们现在就为你一一介绍其中最重磅的几个。

And we're gonna go over the top ones for you right now.

第一个产品发布叫做Kairos，本质上是一个始终在线的自主型Claude。

So the first product release is called Kairos, which is basically an always on autonomous Claude.

这意味着当你使用Claude代码时，通常需要监控它、回来检查代码、确保它在正确执行任务、测试代码等等。

What that means is when you use Claude code, you typically have to monitor it, come back, check the code, make sure it's doing the right job, test the code, etcetera.

这个新更新将允许Claude自主运行。

This new update will basically allow Claude to autonomously run on its own.

它可以自行检查任务。

It could check its own tasks.

它可以为自己创建新任务并朝着目标努力。

It could create new tasks for itself and work towards a goal.

你可以让它无人看管数小时之久。

So you could leave it unattended for hours and hours at a time.

这非常棒。

It's pretty awesome.

我觉得这很酷的一点是，Kairos会进行夜间梦境。

What I found cool about this also is Kairos will do nightly dreaming.

所以第四个子代理会运行四个阶段。

So a fourth sub agent will run four phases.

它会进行定向、收集、整合，然后修剪，并将这些每日日志提炼成结构化的主题文件。

It'll orient, gather, consolidate, and then prune, and then distills these daily logs into these structured fire topic files.

然后在夜间，这些文件会被融入记忆中，以类似人类的方式学习——夜间会‘做梦’，并将这些内容固化到记忆中，每天不断成长和进步。

And then overnight, will bake them into the memory and actually learn the same way that humans do, where overnight, will dream and then lock this into the memory and grow and get better every single day.

Kairos 非常酷。

Kairos is very cool.

但下一个才是我最喜欢的。

But this next one is my favorite.

这真的太酷了。

It's This so is so cool.

它的代号是 Buddy，本质上是一个生活在你的命令行界面中的虚拟宠物 AI 伙伴。

So it's code named Buddy, and it is basically a virtual pet AI companion that lives on your CLI, on your command line interface.

它的设计目的是——这是我个人的推测——作为一个个人 AI 助手，协助你处理所有与编码相关的事情，而且在你发布代码后，还能帮助你修改应用、审查你创建的应用、引导你使用并查找漏洞。

It's meant to, and this is me guessing here, act like a personal AI agent assistant that can assist you on all things coding related, but also once you publish the code, helps you edit the app, review the app that you created, walk through it, find bugs.

基本上，它是一个驻留在你电脑上的个人助手，当你发布各种成果时，它也会随之离开你的电脑。

Basically, it's a personal assistant that lives on your computer and off your computer when you're publishing artifacts or whatever that might be.

这让我想起了一个叫Tamagotchi的游戏，乔什，屏幕上也写着呢。我不知道听众的年龄层，但我们以前有这种很酷的小设备，可以放在口袋里或钥匙链上，你需要照顾好这个虚拟宠物。

This reminded me of a game, Josh, and it says it on the screen here, Tanogotchi, which we, and I don't know for the age of the audience or listeners here, but we used to have these like cool devices that you can kind of like hold in your pocket or in your key chain, and you had to keep the virtual pet alive.

这让我想起了Tamagotchi和微软的Clippy。

This reminds me of that and Microsoft Clippy.

你还记得微软的Clippy吗？

Do you remember Microsoft Clippy?

乔什？

Josh?

非常清楚。

Very well.

我喜欢有陪伴的感觉。

I love having companions.

我们还有一些关于这个Buddy系统的额外信息，是的。

And we have some additional information about this buddy system Yes.

这里有18种伙伴，其中很多是动物。

In that there's 18 species of buddies, and a lot of them are animals.

我们有鸭子、鹅、黏液块、猫、龙、章鱼。

We have ducks, gooses, blobs, cats, dragons, octopus.

水豚？

Capybara?

水豚？

Capybara?

有水豚吗？

Is there a Capybara?

那就是水豚。

That's a Capybara.

水豚是一种。

Is a Capybara.

有意思。

Interesting.

嗯嗯。

Mhmm.

实际上，我们现在在屏幕上看到的是有人根据这些信息，推测并渲染出了它可能的样子。

And actually, what we're seeing on screen now is someone took this information and kind of rendered what he presumed it would look like.

所以你要选择你的物种。

So you choose your species.

每种动物都有一个稀有度等级。

Each species of animal has a rarity tier.

有普通、罕见、稀有、史诗、传奇，还有闪亮版本。

There's common, uncommon, rare, epic, legendary, and then there's shinies even.

这就形成了一套基于此的分级系统。

So it's like this whole tiered game that's built on top of it.

然后还有一些属性，比如调试、耐心、混乱、智慧、嘲讽。

And then there's statistics like debugging, patience, chaos, wisdom, snark.

而你现在在屏幕上看到的是这个人正在选择他的角色。

And what you're seeing on screen is this person's kind of choosing his character.

他正在选择它的属性。

He's choosing the traits that it has.

我猜这里面内置了某种稀有度机制。

I assume there's some sort of rarity baked into this.

是的。

Yes.

这将会是一个有趣的、游戏化的Tamagotchi，嵌入在Claude代码中，这看起来非常有趣且新颖，我不确定。

And it's gonna be this fun gamified version of a Tamagotchi built into Claude code, which seems really interesting and novel, I don't know.

它看起来就是很有趣。

It just seems fun.

你有没有注意到那里有个互动

Did you see that there's an interactive

明天就要发布了，乔什，四月一号？

first releasing tomorrow, Josh, April 1?

你觉得这个是不是像

Do you think this is, like, a

根据代码中的玩笑。

According to the code joke.

他们计划在4月1日预热，5月正式发布。

They're teasing this on April 1 for release in May.

好的。

Okay.

如果这是真的，那么当你听到这一集时，一小时内他们就应该开始预热了。

So if that's true, by the time you're hearing this episode, within an hour or so, they should be teasing this.

如果泄露的信息属实，如果他们没有改变主意，而且这一点也成立，那么根据代码里的说法，这很可能在5月发布。

If the leaks are true, if they don't change their mind, and then if that's true, then the odds are that this will release in May is probably correct because that's what it said in the code.

正如你提到的，明天是愚人节，或者当你听到这一集时，祝你愚人节快乐。

Now, like you mentioned, tomorrow is April Fools' Day, or I guess when you're listening to this, happy April Fools' Day.

嗯。

Uh-huh.

这有可能不是真的，但根据其他泄露的信息来看，这似乎并不是有意为之。

And there is a chance that this isn't true, but based based on the rest of the leaks, it seems like this was very much not intentional.

好的。

Okay.

但还有三个功能我想继续讲一下。

But there are three more features that I wanna get through as well.

其中一个叫做协调模式，本质上是一种多智能体程序，允许你控制一群AI智能体。

One of these is called coordinator mode, which basically describes a multi agent program that allows you to control a swarm of AI agents.

所以现在，如果你是一名软件工程师，启动的不只是一个CloudCode实例，而是多个，这很常见。

So right now it's typical if you're a software engineer to spin up not just one instance of CloudCode, but multiple, that's normal.

人们已经在这样做了，但当这些智能体数量增多时，问题就开始出现了。

People are already doing this, but an issue starts to arise when there are multiple of these agents.

我们说的是50个以上、甚至100个以上，它们各自执行不同类型的任务，却需要协同合作来解决问题。

We're talking like 50 plus, 100 plus that are doing all different types of work and need to kind of work together to figure problems out together.

协调起来会变得非常困难。

It becomes really hard to coordinate.

这种协调模式本质上是Anthropic推出的功能，帮助你管理所有这些智能体。

This coordinator mode is basically Anthropic's feature to help you manage all of these.

把它想象成一个操作面板或控制系统，你可以像玩策略类电脑游戏一样管理它。

Think of it as like an operator board or a control system that you can kind of like manage it similar to like a strategy computer game.

很有趣的是，他们发布的一些功能经常用电脑游戏来做类比。

It's funny, there's a lot of like computer game analogies and the features that they're releasing.

这其实就是这么回事。

This is basically that.

还有一个我特别喜欢的功能，就是超值计划。

There's also one that I really enjoyed, which is the ultra plan feature.

是的。

Oh, yeah.

它通过在云端提供一个三十分钟的沙盒环境，让Claude有足够时间深入思考，然后再提出方案，从而解决了Claude上下文不足的问题。

And it basically solves the problem of Claude running out of context by giving it a thirty minute sandbox in the cloud to think deeply before presenting a plan.

所以当你用Claude处理复杂的代码任务时，它经常会调用计划模式。

So when you're working on these complicated things with Claude code, it often refers to plan mode.

但计划模式有时会用尽上下文，无法获取所有信息。

But plan mode sometimes runs out of context, it doesn't have all the information.

这将所有这些任务在三十分钟内卸载到一台大型服务器上，该服务器能够处理所有上下文，并主动优化你正在构建的项目的规划。

This offloads all of that in a thirty minute window to a giant server that can handle all of the context and actively improve the planning of the project that you're building.

因此，当你放手让它去构建这些内容时，它对你的确切需求有了更好的理解。

So when you go and set it free to go build these things, it has a much better idea of exactly what you want.

我认为，如果你在进行任何严肃的项目，计划模式是非常强大的功能，而在此基础上加入超计划功能，我将在大型项目中大量使用。

And I think plan mode, if you're building anything serious, is a really powerful thing, and adding UltraPlan on top is something that I will be using very much so for the larger projects.

这一点说得太好了，因为现在他们一直在宣传Claude拥有百万级别的上下文窗口，但超过二十万字符后，性能就会变得非常差，对吧？

That's such a good point because right now they keep on promoting that Claude has or Claude has like a 1,000,000 context window, but it becomes super crappy after 200,000 characters, right?

所以性能质量会下降。

So like the performance quality goes down.

因此，这有望解决这个问题。

So this is hopefully something fixes that.

我很期待看到这一功能进入开发路线图。

So I'm excited to see that in the pipeline.

但还有一件事我想谈谈，叫做自定义代理创建器，代号为‘巫师’。

But there's one more thing that I wanted to talk about, which is called or referred to as the custom agent creator code name wizard.

通常当你设置并使用Claude Code时，你使用的是Anthropic提供给你的系统提示。

So typically when you set up Claude code and you use Claude code, you are using the system prompt that Anthropic gave to you.

它是预设好的。

It is like predefined.

已经写好了。

It is already written out.

因此你无法调整Claude Code代理的个性或类似的东西。

So you can't kind of adjust the personality of the Claude Code agent or anything like that.

这个新的构建器为你提供了这样的机会。

This new builder gives you that opportunity.

你可以创建属于你自己的代理，赋予它们独特的个性、记忆类型，以及你可以赋予它们访问的各种工具、位置，或者它们可能存在于你的桌面、云端，或者本地硬件设备的其他地方。

You can form and create your own agents with their own personality, own memory types, different kinds of tools that you can give them access to locations, or maybe they live on their desktop, or maybe they live in the cloud, or maybe they live somewhere else locally on a hardware device.

你可以控制和管理所有这些。

You can control and manage all of these.

现在，结合我之前提到的多智能体协调器产品，你可以开始看到这些不同部分如何协同工作，为端到端的软件工程创造一种游戏化的体验。

Now with the earlier product that I mentioned, which is the multi swan coordinator, you can start to see how these different pieces of the puzzle fit together to create some kind of gamified experience for end to end software engineering.

看到这一切真的太酷了。

It's just really cool to see all of this.

但最令人震惊的是，乔什，所有这些产品和功能其实都已经开发完成了。

But the craziest part about all of this, Josh, is all of these products and features are already built.

它们已经建好了，只是还没发布而已。

They're built, they're just unreleased yet.

所以我开始明白Anthropic为什么能够每天都能发布新产品了。

So I'm starting to see why Anthropic or how Anthropic has been able to release the product every single day.

但我们没有那个代码。

But we don't have that code.

我们实际上无法创建这些助手。

We can't actually create these buddies.

我们还不能使用超级计划。

We can't actually use super plan yet.

我们还没有全部的东西。

We don't have everything.

所以今天泄露的内容，很重要的是要区分我们有什么、没有什么。

So what was leaked today, it's probably important to distinguish what what we have versus what we don't.

嗯。

Mhmm.

这是一次大泄露，但并不是全部内容。

This is a huge leak, but it's not everything.

所以如果我下载一份到我的电脑上，我得到的就是那个框架，对吧？

So if I were to download a copy on my computer, I would get the harness, right?

安妮塔，你之前跟我描述过，就像汽车车身，但我们并没有得到大脑，也没有得到Claude模型的权重。

Anita, as you were describing it to me earlier as the car body, we're not actually getting the brain, we're not getting the Claude model weights.

我们现在并没有这个聪明的智能模型可以本地运行，但我们确实拥有了作为其载体的软件，是这样吗？

We don't have this brilliant intelligent model now that we could run locally, but we do have the software that kind of acts as a harness for it, is that right?

对于所有对获得Claude AI模型本身蓝图而兴奋的人，这并不是那个东西。

For all of those people who are getting excited about getting access to the blueprint for Claude's AI model itself, this is not that.

把汽车的引擎看作是模型本身和AI的智能，而今天泄露或发布的代码则是汽车底盘，也就是汽车车身。

Think of the engine of a car being the actual model and the intelligence of the AI itself, and then think of the code that got released or leaked today as being the car chassis, the actual car body.

所以有趣的是，虽然你可能无法访问Claude模型本身及其代码，但你可以接入一个开源模型，而且人们已经开始这么做了。

So what's cool about this is whereas you may not have access to Claude the model itself, the code from that model, you can plug in an open source model and people already starting to do that.

我看到网上有人接入了DeepSeek，也有人接入了Qwen，创建了他们自己的Claude代码版本、CLI界面以及相关功能。

I'm seeing instances online where people are plugged in DeepSeek, they're plugged in Quen and created their own version of Claude code, the CLI interface and whatever that looks like.

这实际上是至关重要的基础设施和软件。

So this is really critical infrastructure and software.

我简直不敢相信Anthropic团队会发布这个。

I cannot believe the Anthropic team released this.

这太疯狂了。

It is just, it's so nutty.

这太糟糕了。

It's so bad.

这简直就是知识产权问题。

This this is an IP issue right here.

他们的估值，据传高达3500亿美元，甚至可能达到4500亿美元。

Like their equity, $350,000,000,000 actually rumored $450,000,000,000 private valuation.

其中很多都是基于Claude的代码，过去六个月里，Claude代码变得极其流行。

A lot of it is based off of Claude code, which has risen to extreme popularity over the last six months.

所以这件事真的发生了，简直疯狂，但还有更多内容。

So it's just insane that this has actually happened, but there's more.

产品功能是一回事，已经有20个版本准备就绪，但我们还获得了关于即将发布的最新Claude模型的确认信息。

Product features are one thing, 20 releases ready to go, but we also got confirmation about the latest Claude models that are about to be released.

是的。

Yes.

这太酷了。

This is very cool.

对于那些还没看过我们昨天刚发布的那期节目的人来说，那期节目完全围绕之前Claude的泄露事件，也就是所谓的Mythos和Capybara这两个新内部模型名称。

For those who haven't seen our episode that we just published yesterday, it is all about the previous leak that happened with Claude, which is called Mythos and Capybara, the new internal model names.

而现在，我们从Anthropic的源代码中得到了确切验证，这些模型确实存在。

And now we have actual verification from the source code of Anthropic that they are here.

所以我们现在屏幕上看到的，是名为‘潜伏模式’的这个系统的提示词。

So what we're seeing on screen now is kind of like a system prompt for this thing called undercover mode.

现在，潜行模式仅限Anthropic员工使用。

And now undercover mode is meant for Anthropic employees only.

当他们使用Claude代码发布到公共和开源仓库时，会使用潜行模式来移除所有可能泄露信息给公众的分类字符。

When they use Claude code to publish on public and open source repos, they use undercover mode to kind of strip away all of the classifying characters that would possibly leak information out to the public.

因此，在系统提示中写道：绝不要包含内部代码名称的提交消息或拉取请求描述。

So in the system prompt, it says never include commit messages or PR descriptions of internal code names.

例如，不要提及像Capybara这样的动物名称，也不要公布任何未发布的模型版本号，比如Opus 4.7或Sonnet Sonic 4.8。

For example, animals like Capybara, or announce any unreleased model version numbers like Opus 4.7 or Sonnet Sonic 4.8.

当我读到这里时，我在底部的‘禁止’部分发现了一条特别有趣的内容：禁止写下这些内容。

As I was reading this, I found one that I found particularly interesting at the bottom of this under bad where it says, bad, never write these.

修复在使用Claude Capybara测试时发现的bug。

Fix bug found while testing with Claude Capybara.

我觉得这挺有意思的。

And I was like, that's interesting.

显然，他们内部正在使用Capybara。

Clearly, they are using Capybara internally.

我得问一下，这是否就是他们能如此迅速地推出产品功能的原因？

And I have to ask, is this the reason why they've been shipping product features so quickly?

他们是否在使用内部那个被频频提及的、每令牌成本极其高昂的顶级模型，来实际编写代码、审查代码，然后比其他人更快地发布？

Are they using this god tier model that they have internally, that they've been teasing that costs a tremendous amount of dollars per token, and they're using that to actually just build the code, review the code, and then publish it fast than everyone else?

看起来这可能是真的。

It seems like that's possibly the case.

换句话说，Claude Code 的创始人鲍里斯·朱尼尔几天前说过，可以确认 Claude Code 完全是由 Claude Code 自己编写的。

I mean, in the words of Boris Journey, the founder of Claude Code, he said a couple weeks ago, can confirm Claude Code is a 100% written by Claude Code.

所以我们知道，AI 正在构建 AI。

So we know that the AIs are building the AIs.

我认为 OpenAI 在 Codex 上也在做类似的事情。

I think OpenAI is doing the similar thing with Codex.

这就是这些团队能够如此迅速发布产品的原因。

And that is the reason why these teams have been able to ship so quickly.

现在，我真希望身边有个铝箔帽，因为我有个阴谋论想法，乔什——这些 AI 模型可能正在自我泄露，而并非 Anthropic 的工程师所为。

Now, I wish I had a tin foil hat nearby because I have a conspiracy mode, Josh, which is these AI models might be leaking themselves and it may not be the Anthropic engineers.

听起来确实不安全，但我认为这并不太可能。

Know that sounds unsafe, but I don't think it's unlikely.

我估计有百分之五到十的可能性，但重点是，Anthropic即将发布一批新模型。

I'm gonna put it at like maybe a five to 10% chance, but the point is there are a bunch of new models being released by Anthropic coming up soon.

我们提到了Capybara，也提到了Mythos，这些是训练参数高达五万亿到十万亿的大模型，比我们目前使用的模型规模还要大三倍。

We mentioned Capybara, we mentioned Mythos, which is meant to be these big, huge models trained on five to 10,000,000,000,000 parameters, which is like a three x increase in the size that we already are seeing and using with the models today.

这将是一个极其强大的模型。

It's gonna be an absolute beast of a model.

它显然存在网络安全风险，这极具讽刺意味，因为所有这些相关话题现在正被泄露，同时还有Claude Opus 4.7和Sonnet 4.8。

It apparently is a cybersecurity risk, which is incredibly ironic because all of that topic stuff is getting leaked right now, but also Claude Opus 4.7 and Sonnet 4.8.

所以我们即将获得现有模型的版本升级。

So we're gonna get versioned upgrades of the existing models that we're having already.

所以我的问题是，这些模型什么时候会发布？

So my one question is when are these models going to get released?

因为我必须尽快用上它们。

Because I need to get my hands on them.

第二，它会让我整个笔记本被黑吗？

Number two, will it cause my entire laptop to get hacked?

我不知道。

I don't know.

所以现在不仅有声誉风险，我也想实际使用这个东西。

So there's like a reputation risk going on right now as well as I wanna use the actual thing.

你刚才也提到了这方面的安全性问题。

Well, you also mentioned the security part of this.

我认为值得注意的是，最近安全问题、泄露和漏洞的发生频率明显增加了。

I think it's worth noting that there has been an increased cadence in security issues recently and leaks and exploits and hacks.

我知道这类事情一直都在发生，但我觉得这里确实存在某种关联——模型越智能，漏洞就越多。

And I I know they happen all the time, but I can't like, there is some sort of correlation happening here between models getting smarter and exploits.

我的意思是，是的。

I mean, we yeah.

我们这里有个屏幕上的帖子，很好地总结了这一点。

We have this post on screen here, which summarizes in a great way.

它说，这个信标安全。

It says, this beacon security.

这里有六个不同的漏洞吗？

There is, what is that, six different exploits that happened?

是的。

Yep.

而且都是非常严重的漏洞。

And pretty serious ones too.

Axios 是一个 NPM 供应链攻击，影响了数百万个项目和应用程序。

Axios, which is a NPM supply chain hack, that affects, like, many, many millions of projects and applications.

如果你曾经写过任何 Vue 代码，很可能你用过这个依赖。

And if you've ever vie coded anything, chances are you use that dependency.

OpenAI Codecs 存在通过 GitHub 分支进行的命令注入漏洞。

OpenAI Codecs had a command injection via GitHub branch.

Merkor 发生了高达一太字节的数据泄露，这还不包括今天发生的 Claude 代码泄露。

There's a terabyte data leak from Merkor, and this doesn't even include the leak from today, which is Claude code.

所以，泄露和漏洞的发生频率越来越高，你必须问一个问题：如果Anthropic内部在使用这些工具，还有谁能够接触到如此强大的工具？

So there's this increasing cadence of leaks and exploits, and you gotta ask the question is, like, if Anthropic internally is using these tools, who else has access to tools this powerful?

它们能用来做什么？

What can they be used for?

这些漏洞真的和它们有关吗，还是这只是偶然的巧合？

Are they actually responsible for any of this, or is this just a random correlation that's happening?

我不知道。

I don't know.

我认为我最担心的是你描述的那种恶意场景——有人在使用这个工具，但将其用于不良目的，这种情况已经发生了。

I think my main concern is that malicious scenario that you described where people are accessing this tool but using it for bad purposes is already happening.

它正以提示操作的形式出现。

It's coming in the form of prompting gestures.

你看，仅这一周就发生了六起攻击，而这才过去两三天。

Like, look, there are six hacks that happened this week alone, and it's only been like two to three days.

我怀疑这种频率的增加，是否源于人们能够访问像这样的智能AI模型，并发现开源代码中的漏洞或缺陷，进而加以利用？

I wonder if that increased cadence is based off of people being able to get access to intelligent AI models like this and finding flaws or bugs in open source code and being able to exploit them, right?

每天有成百上千万人登录，他们从未写过代码，却在用‘氛围编程’开发应用，我也包括在内，对吧？

You've got a bunch of people, millions of people every day logging on, vibe coding apps who have never coded in their entire lives, me included, right?

我不知道我的笔记本电脑上安装了什么。

I don't know what's being installed on my laptop.

我不知道哪些数据被泄露了。

I don't know what data is being leaked.

所以我能想象这类事情正在发生。

So I could imagine that things like that is happening.

但我想问你一个问题，乔什，这对Anthropic来说重要吗？

But the question I have for you, Josh, is does this matter for Anthropic specifically?

这对他们来说是个重大打击吗？

Is this a major blow for them?

你认为他们的估值会因此下跌，还是认为这会在一个版本更新中被解决？

Do you think they lose valuation based off of this, or do you think this gets solved in a version update?

这确实很难办，因为这件事确实让人感到刺痛。

Well, this this is tough because this does sting.

对吧？

Right?

这是一次巨大的知识产权泄露，他们正在失去一个重要的竞争优势。

Like, this is a massive IP leak, and this is a competitive advantage that they're now losing.

这会造成多大的价值损失？

How much of a value loss is it?

可能没那么严重。

Probably not crazy high.

关键是模型本身。

I mean, the magic is in the model.

真正的核心在于Claude模型本身，也就是那些权重参数。

The magic is in the Claude model itself, those weights.

你可以复制命令行架构。

You can copy the CLI architecture.

你可以研究工程实现，但你无法真正复现Claude的能力。

You can study the engineering, but you can't actually replicate what Claude can do.

所以他们仍然拥有这个巨大的优势。

So they still have this massive advantage.

尽管这很丢脸，而且这是一次非常严重的泄露，如果我是这些中国模型中的一员，我现在就会去分叉、克隆它。

And even though it's embarrassing and even though it's a really strong leak in which I am if I'm one of these Chinese models right now, I am forking this, cloning it.

我正在放弃我的

I'm dropping my

智力来支持它。

intelligence to it.

再也不了。

Anymore.

就这样了。

That's it.

你不需要去裁剪。

You don't need to cut.

嗯，你可以直接拿走代码库。

Well, yeah, you could just you just take the code base.

你拿走这个框架。

You take the harness.

把你的模型放进去，突然间你就有了一个附着了你自己大脑的Claude代码软件，这非常强大。

You put your model in, and suddenly, you have a Claude code software with your own brain attached to it, and that's powerful.

所以在这种情况下，这确实有伤害，因为现在人们知道软件是如何运行的、架构是如何设计的，任何秘密都暴露了。

So in that case, it hurts because now people know if there are any secrets in how the software was run, how the architecture worked.

他们现在拥有了完整、清晰、纯文本的版本。

They now have that in full, clean, plain text.

但这并不会对他们造成实质伤害，因为他们不会因为这件事失去客户，真正的核心在于那些专有软件和模型权重。

But it doesn't hurt them in the sense that they aren't going to they're gonna lose customers over this because the magic is in that proprietary software, those model weights.

那些并没有被泄露。

Those are not leaked.

泄露的只是Claude代码软件。

It's just the Claude code software.

只是那个命令行界面。

It's just that command line interface.

除此之外，我认为让公众能够接触到路线图并亲自体验代码，这比对品牌估值造成损害更有意义。

And aside from that, I think it's more interesting for the public just to kind of get access to the road map and be able to play with the code themselves versus actually damaging for the brand's valuation.

但就品牌形象而言，这确实不太好看。

But certainly for the brand image, that's not a good look.

是的。

Yeah.

我基本同意你的所有观点。

I I agree with pretty much your entire take.

我在想Anthropic在安全AI团队中聘用了多少位博士。

I'm I'm thinking about the number of PhDs that Anthropic has hired on the security AI team.

我记得他们大约一个半月前的发布，我们在上一期节目中也提到过，当时Claude Opus 4.6发现了500个日级漏洞。

I remember their release from, I think it was about a month and a half ago, and we said this on the previous episode, where they had Claude Opus 4.6 discover 500 day vulnerabilities.

所以一切看起来都很好。

So it was all looking really good.

我真希望他们能把这套方法应用到自己的模型、网站和API上。

I wish they'd applied it to their own model and their own website and their own APIs.

所以这件事发生真是太糟糕了。

So it sucks that that's happened.

我认为他们最终能挺过去，但目前需要做一些危机公关。

I do think they'll get over it, but they'll need to do some damage control at this point.

另一件大事是，从声誉上讲，Anthropic 刚刚经历了一段相当动荡的几周，对吧？

The other major thing is like reputationally, Anthropic has just come out of a pretty rocky couple of weeks, right?

他们之前被美国政府和五角大楼列入黑名单，我认为这个情况现在还存在。

They had the whole blacklisting thing from the US government and the Pentagon, which I believe is still there.

所以，他们的模型原本用于军事行动，现在却被泄露用于其他不同用途，这显然很不利。

And so it's not a good look where their model, which was being used for military operations is now getting leaked for other different purposes.

话虽如此，我认为他们最终能挺过去。

That being said, I think they're gonna get over it.

我认为这对我们的开源社区来说是绝佳的消息，现在大家可以免费获取 CloudCode 的完整系统提示和架构设计，并接入自己的模型。

I think this is amazing for us and for the open source community who now get access to the entire system prompt of CloudCode, its architecture design, and can plug in their own models for free.

而且，现在我们对 Anthropic 的产品路线图有了更清晰的了解。

And yeah, now we have a better idea of Anthropic's product roadmap.

我很期待这20个功能尽快上线。

I'm excited to see these 20 features launch soon.

是的。

Yeah.

这是一次大泄露。

It's a big leak.

我的意思是，对所有旁观者来说，这挺有趣的。

I mean, I think it's fun for everyone who's an observer.

谢谢Anthropic，你们比以往任何时候都更开放源代码。

Thank you, Anthropic, for being more open source than ever.

我希望他们能开始使用这个新的Capybara模型来实际检查这些发布内容，确保这种情况不再发生，因为这太棒了。

I hope that they're able to start using this new Capybara model to actually, you know, check these publications, make sure this doesn't happen, because it's amazing.

他们拥有如此多的智能，但表现却很不稳定。

They have so much intelligence, but it's so spiky.

显然，一个全知的AI如果应用在整个系统中，绝不会让这种情况发生，但显然它并没有被应用到每一个环节。

Clearly, an all knowing AI applied to the entire stack would never have let this slide, but clearly, it's not applied everywhere.

这也引发了许多问题，比如Anthropic原本是负责对齐的团队，但现在却由他们来决定谁能够获得这个新模型的权力，而且他们是以一种非常私密、封闭的方式进行的，仅限内部使用。

It's also raising a lot of questions about, well, Anthropic is like the alignment team, but now they are the ones who are going to determine who gets the power of this new model, and they're doing it in a very, like, private closed way, they're using it internally.

这带来了很多值得关注的有趣问题。

And it creates a lot of these interesting problems to look out for.

但就今天的泄露事件而言，这才是新闻。

But in terms of the leak today, that's the news.

这是一次重大泄露。

It was a big leak.

我简直不敢相信这种事情真的发生了。

I can't believe that actually happened.

我今天早上醒来，看到新闻时，心想：不可能。

Like, I woke up this morning, and I read the news, and I was like, no.

肯定哪里出错了。

Surely, there must be wrong.

这太夸张了。

Like, this is hyperbolic.

但不行。

But no.

整个内容都在那儿。

The the entirety.

全部都在。

It's all there.

你可以去读一下。

You can go and read it.

它在GitHub上，有趣的是，他们实际上正在积极删除那些分叉了代码的仓库，但今天早上有个人仅凭一个提示就用Python重写了整个代码，而现在你不能这么做了，因为代码已经略有不同。

It's on GitHub, and it's funny because they're actually actively trying to take down the repos that forked the code, but some guy rewrote the entire thing in Python this morning because you could just do that in a single prompt, and now you can't because the code is slightly different.

所以这很有趣、值得注意、疯狂、可怕、令人兴奋。

So it is interesting, noteworthy, crazy, scary, exciting.

我很高兴他有个伙伴。

I'm stoked he had a buddy.

我觉得今天评论区的提示可以是：嘿。

I think the the prompt for today's comment section could be like, hey.

你最期待哪个功能？

What what feature are you most excited about?

对我来说，是伙伴功能。

For me, it's the buddies.

我希望有一个小面板一直停留在我的Claude界面里，可以升级。

I want a little palette that sits in my Claude color all the time that I could level up.

有个闪亮的功能。

Get there's like a shiny feature.

有稀有度之分。

There's rarity.

它们就像集换式卡片。

They're like trading cards.

我不确定。

I don't know.

这可能会很酷。

It could be cool.

我非常期待。

I'm looking forward to it.

但我觉得这就是今天要泄露的内容。

But, I think that's that's the leak today.

这就是这一集。

That's the episode.

是的。

Yeah.

就是这样。

That's it.

非常感谢大家收听。

Thank you guys so much for listening.

在过去几个月里，有成千上万的人加入了我们的订阅并开启了通知。

There are thousands and thousands of you over the last couple of months that have joined us in subscribing, turning on notifications.

如果你还不是我刚才提到的那些人，请务必这么做。

If you aren't one of those people that I just described, please do so.