News & Updates
The latest news and updates from companies in the WLTH portfolio.
Anthropic's Leaked Code Reveals the Radical Strategy That Makes Claude Code a $2.5 Billion AI Tool
In what the company says was a simple packaging mistake, parts of the code behind Claude Code, its fast-growing AI coding product, were briefly made public early Tuesday morning. Within hours, developers had downloaded, shared, and begun dissecting the roughly 500,000 lines of code across GitHub, Fortune reported. Claude Code is already generating an estimated $2.5 billion in annual recurring revenue, with enterprise customers making up the vast majority of that growth. Now, competitors may have an unusually detailed roadmap for how it works. Anthropic confirmed the incident in a statement to Fortune, emphasizing that no customer data or credentials were exposed. The company described the issue as "human error," not a security breach, and said it is working to prevent similar mistakes.
Typing mistake causes petrol station chaos
A petrol station in Perth has been forced to sell the most expensive diesel in Western Australia after an employee made a typing error which added an entire dollar of value onto the already expensive fuel. Independent fuel retailer Burk was forced to sell diesel at nearly $4 a litre at its Cannington petrol station on Tuesday because of strict laws enforced by the WA petrol watchdog FuelWatch. Since the fuel crisis began, individual petrol stations have been forced to lock in the following day's petrol prices with FuelWatch in order to prevent artificial inflation. Burk managing director Umar Farooq told 9News that "multiple calls and emails" were sent to FuelWatch to try and rectify the issue, but nothing could be done. "We were told we can't sell it at the price other than what's been reported," Mr Farooq said. In a workaround to the issue, the petrol station chose to put a one-day discount of $1.04 on the diesel bowser. The employee responsible for the error is not expected to face any disciplinary action.
Will Bitcoin Price Crash to $45K? Here's What Polymarket Odds Show
Bitcoin's network activity also slumped, which has raised further concerns. Prediction markets are betting on what might happen to Bitcoin (BTC) price. Latest data suggests that traders are expecting Bitcoin price to crash to $45,000 in 2026. Meanwhile, they are also weighing the chances of a rebound. Latest numbers from Polymarket show that traders think there is a 52% chance of Bitcoin price crash below $45,000 this year. Such pessimistic predictions come as the BTC price has been going down lately. On the other hand, the chance of BTC price reaching $100,000 is about 30%, similar to what Kalshi traders estimate. Looking closer at price targets on Polymarket, we can see different expectations. As of writing, Polymarket traders weigh 65% probability of BTC dropping below $50,000 is 65%. Whilst the probability for a Bitcoin price below $40,000 is 38%, which means traders think it's possible but not very likely. Moreover, traders are not very optimistic on the upside. They think there is a 61% chance that Bitcoin will rise to $80,000. They think there is a 40% chance that it will rise to $90,000. At the same time, they think there is a 76% chance that the BTC price will drop below $55,000. This means they think it's very likely that the price will go down in the term. These differing opinions come as Bitcoin trades at $66,606. This is down from its high of $75,000 in mid-March. The recent BTC price drop has left the market in a situation. Technical indicators are showing uncertainty. The Relative Strength Index (RSI) is around 50. This means that the trend is neither bullish nor bearish. Analysts are watching price patterns closely. They think that if Bitcoin stays below $77,000, it might move toward $48,000. On the contrary, if it breaks above $83,000, BTC price could witness a sustained rebound. Ponting to Bitcoin price crash to $66,600 level, analyst Ted Pillows wrote on X, "If the $65,000-$66,000 support zone is lost, a new low will happen." Some people think that Bitcoin price has broken its upward trend. This means it might move toward $45,000. However, others think that BTC price movements are similar to those of oil prices. They point out that sharp price increases often happen after oil prices drop. Data about Bitcoin's network activity is also showing uncertainty. Network activity has softened, with a decline in 30-day active addresses, indicating reduced user engagement. It means that fewer people are using BTC. However, there are conversations about Bitcoin on social media. The sentiment remains mixed, though. Liquidity data shows that traders are watching price levels. Over periods, there is a "magnetic" price zone around $64,000. On the other hand, there is strong liquidity around $68,000. These areas might affect short-term price changes. In the meantime, institutional investors stay bullish on Bitcoin. On March 30, U.S. spot Bitcoin ETFs had an inflow of $69.44 million. This shows that people are still interested in Bitcoin despite the uncertainty. Recently, Elon Musk shared a post about Bitcoin in the media. However, the market reaction was calm as the BTC price hovered around $67,000. Moreover, Bitcoin price crash concerns have become a hot topic among traders owing to prediction markets, technical indicators, and on-chain metrics.
Typing mistake causes petrol station chaos
A petrol station in Perth has been forced to sell the most expensive diesel in Western Australia after an employee made a typing error which added an entire dollar of value onto the already expensive fuel. Independent fuel retailer Burk was forced to sell diesel at nearly $4 a litre at its Cannington petrol station on Tuesday because of strict laws enforced by the WA petrol watchdog FuelWatch. Since the fuel crisis began, individual petrol stations have been forced to lock in the following day's petrol prices with FuelWatch in order to prevent artificial inflation. Burk managing director Umar Farooq told 9News that "multiple calls and emails" were sent to FuelWatch to try and rectify the issue, but nothing could be done. "We were told we can't sell it at the price other than what's been reported," Mr Farooq said. In a workaround to the issue, the petrol station chose to put a one-day discount of $1.04 on the diesel bowser. The employee responsible for the error is not expected to face any disciplinary action.
Typing mistake causes petrol station chaos
A petrol station in Perth has been forced to sell the most expensive diesel in Western Australia after an employee made a typing error which added an entire dollar of value onto the already expensive fuel. Independent fuel retailer Burk was forced to sell diesel at nearly $4 a litre at its Cannington petrol station on Tuesday because of strict laws enforced by the WA petrol watchdog FuelWatch. Since the fuel crisis began, individual petrol stations have been forced to lock in the following day's petrol prices with FuelWatch in order to prevent artificial inflation. Burk managing director Umar Farooq told 9News that "multiple calls and emails" were sent to FuelWatch to try and rectify the issue, but nothing could be done. "We were told we can't sell it at the price other than what's been reported," Mr Farooq said. In a workaround to the issue, the petrol station chose to put a one-day discount of $1.04 on the diesel bowser. The employee responsible for the error is not expected to face any disciplinary action.
Egypt's Abdelatty warns of "total chaos" as Cairo coordinates regional de-escalation - Dailynewsegypt
Egyptian Foreign Minister Badr Abdelatty condemned ongoing Iranian attacks targeting Gulf states and Jordan on Tuesday, calling for an immediate halt to "unacceptable" strikes that he described as a flagrant violation of international law and the United Nations Charter. In a series of intensive telephone calls with his counterparts in Qatar, the United Arab Emirates, Saudi Arabia, and Jordan, Abdelatty said the attacks represented an assault on state sovereignty and the resources of their people. The discussions focused on the dangerous current escalation in the region and ongoing efforts to prevent a total "explosion" of the situation. Abdelatty held the talks with Qatari Prime Minister and Foreign Minister Sheikh Mohammed bin Abdulrahman, UAE Deputy Prime Minister and Foreign Minister Sheikh Abdullah bin Zayed, Saudi Foreign Minister Prince Faisal bin Farhan, and Jordanian Deputy Prime Minister and Foreign Minister Ayman Safadi. The ministers emphasized the importance of intensifying joint coordination with brotherly and friendly countries to contain the current crisis and prevent further deterioration. The calls also addressed the outcomes of a recent four-way ministerial meeting held in the Pakistani capital, Islamabad. The diplomats exchanged views on building upon those results to push for a diplomatic path and prioritise dialogue as the sole means to avoid "total chaos" in the region. Separately, Abdelatty received Charles Fries, the Deputy Secretary-General of the European External Action Service for Peace, Security and Defence, on Tuesday. The meeting was part of periodic consultations aimed at strengthening cooperation between Egypt and the European Union. During the meeting, Abdelatty highlighted the momentum in Egyptian-European relations, stressing the importance of enhancing cooperation in economic, trade, and investment fields under the framework of their comprehensive strategic partnership. The Foreign Minister reviewed Egypt's efforts to support regional stability, noting the intensive contacts Cairo is conducting to contain tensions. He reiterated that diplomacy and dialogue remain the only way to prevent the region from sliding into further instability. Fries praised Egypt's "pivotal role" in supporting regional security and its movements to contain crises and promote diplomatic paths. He further affirmed the importance of the strategic partnership between Egypt and the EU as a fundamental pillar for developing cooperation across various fields to serve mutual interests.
SpaceX Lead IPO Banks to Hold Kick-Off Meeting Monday, IFR Reports
Investment banks leading SpaceX's initial public offering are planning a meeting on Monday, April 6 with the broader syndicate working to prepare for the deal, International Financing Review reported, citing people familiar with the process. An Iranian missile strike on a base in Saudi Arabia damaged several military jets and destroyed a valuable E-3 Sentry early warning and control aircraft -- the first known combat loss for that type. The roughly $300 million plane was hit in an attack on Prince Sultan Air Base in recent days, according to a person familiar with the matter asking not to be identified discussing sensitive military operations. Unverified photos of the jet showed its tail completely severed, rendering it unflyable. The so-called AWACS plane, which has a rotating radar disc mounted above its fuselage, is used to spot distant threats and direct other combat aircraft. It provides a powerful advantage, and although the US operates more than 30 and can replace the loss, the destruction of one is costly. "It's a big deal," said Peter Layton, a former Royal Australian Air Force officer and a visiting fellow at the Griffith Asia Institute. "It highlights that large aircraft are vulnerable on the ground and need active defense. That is hard to do all the time, sometimes it fails." US Central Command didn't immediately respond to a request for comment on the loss of the aircraft, which was earlier reported by Air & Space Forces Magazine. Three other Boeing Co. Sentry aircraft have been lost in accidents since it was introduced in the late 1970s. Like the KC-135 Stratotanker, the plane is based on the airframe that also produced the 707 passenger jet. The US has not yet lost any crewed planes to enemy fire in the air during the campaign against Iran. More than a dozen MQ-9 Reaper strike drones have been shot down, however, showing that airspace over the country remains dangerous. US bombers, including B-52s and B-1Bs, continue to use long-range strike cruise missiles to strike targets in Iran safely. Attacks over the weekend featured some of the largest attacks since the war's start, with the UAE and Bahrain both reporting strikes of 20 ballistic missiles each on Saturday alongside Shahed-type weapons. Iran has launched more than 1,400 ballistic missiles at targets around the region, along at least 4,000 Shahed rudimentary cruise missiles. An earlier strike damaged several KC-135s on the ground at an airbase.
LAPSUS$ claims massive breach of AI hiring startup Mercor, says 4TB of data taken via Tailscale VPN - Tech Startups
A cybercrime group with a track record of hitting some of tech's biggest names says it has struck again -- this time going after one of the fastest-growing companies in the AI talent pipeline. Posts circulating across X and Reddit point to a claim by LAPSUS$ that it breached Mercor, an AI hiring and evaluation startup, and pulled out roughly 4 terabytes of internal data. The group says the haul includes source code, candidate databases, and thousands of recorded interviews tied to identity verification. The numbers, if accurate, are staggering. LAPSUS$ claims it accessed 939GB of source code, 211GB of database records containing resumes and personal data, and nearly 3TB of stored files. That storage reportedly includes video interviews containing face and voice data, along with KYC documents and passports. The group also says it obtained full access to Mercor's TailScale VPN environment, which could have given it access to much of the company's internal systems. According to the posts, the breach followed failed ransom negotiations. The attackers now say they may sell or release the data. "Mercor AI has allegedly been breached by Lapsus 939GB of source code 4TB of data in total All data from their TailScale VPN," Cybersecurity Analyst and Security Researcher Dominic Alvieri said in a post on X. Mercor has quickly become a key player in the AI ecosystem. Founded in 2023 by 22-year-old college dropouts Brendan Foody, Surya Midha, and Adarsh Hiremath, the San Francisco startup shifted from freelance matching into a core role supporting AI model training and evaluation. TechStartups featured Mercor late last year after the AI hiring startup raised $350 million at a $10 billion valuation. The company connects domain experts -- ranging from doctors to engineers -- with leading AI labs. Those experts review model outputs, test systems, and participate in structured interviews. Much of that process is recorded, verified, and stored, creating a large repository of sensitive material. Mercor says it has scaled quickly, with tens of thousands of experts on its platform and a reported annual revenue run rate in the hundreds of millions. That growth has made it a valuable partner to AI labs -- and a high-value target for attackers. The nature of its data makes the stakes even higher. Video interviews, identity documents, and detailed professional profiles are used alongside proprietary systems to match and evaluate talent. For attackers, that mix offers multiple paths to profit, from identity fraud to corporate espionage. The initial entry point remains unconfirmed. Posts tied to the incident suggest a developer may have exposed production credentials through an AI coding assistant linked to Anthropic. Incidents like this have started to surface more often as developers rely on AI tools in day-to-day workflows. Once inside, the attackers reportedly used Tailscale access to move through internal systems and extract data. Tools like Tailscale are widely used and considered secure, but access depends heavily on configuration and credential hygiene. One exposed key can create a path across an entire network. If the claims hold, the fallout could stretch far beyond a single company. For individuals, the exposure of video interviews and identity documents raises concerns that go well past typical data breaches. Face and voice data can be used to generate deepfakes, and unlike passwords, biometrics can't be reset. For Mercor, the loss of source code and internal systems could undermine trust with customers, especially AI labs that depend on the platform for sensitive evaluation work. It may also trigger scrutiny under privacy regulations such as GDPR and CCPA. For the AI industry, the implications are broader. Mercor sits close to the workflows for testing and refining advanced models. Any leak tied to those processes could offer insight into how leading systems are built and evaluated. As of publication, Mercor has not issued a public statement. Its website and social channels show no reference to the incident, and there has been no formal disclosure to users. LAPSUS$, meanwhile, has used public leaks to pressure targets in the past. The group first drew attention in 2022 after breaching companies including Microsoft and Nvidia. More recently, activity linked to similar groups has targeted enterprise platforms in large-scale extortion campaigns. The claim lands at a time when AI startups are scaling at breakneck speed. Hiring, infrastructure, and product development often move ahead faster than security practices can keep up. That gap is becoming a clear opportunity for attackers. Credential leaks, internal tooling exposure, and third-party integrations are now common weak points. As companies rely more on AI-assisted development, the line between productivity and risk is starting to blur. This story is still developing. Users who have completed interviews or submitted identity documents through Mercor may want to keep a close eye on financial and online accounts, and consider adding fraud alerts or credit monitoring as a precaution. Note: This report is based on publicly circulating claims by LAPSUS$ and information about Mercor's operations. The breach has not been independently verified.
Is E*Trade About to Cut Robinhood and SoFi Out of the SpaceX IPO?
Elon Musk's SpaceX is set to issue its IPO prospectus either this week or next, and the company is projected to raise a whopping $75 billion in its upcoming public market debut. In a show of appreciation for retail investors' affinity for Tesla, it has been reported that about 30% of that $75 billion in SpaceX stock will be issued to retail investors. Will AI create the world's first trillionaire? Our team just released a report on the one little-known company, called an "Indispensable Monopoly" providing the critical technology Nvidia and Intel both need. Continue " Traditionally, only institutional investors at major mutual funds, hedge funds, and high-net-worth family offices could purchase a newly public company at its IPO price. Often, a newly issued stock rises significantly on its first day of trading, leaving retail investors scrambling to buy more expensive shares. So, allocating 30% of the IPO to retail investors to level that playing field would be a big deal. But will two of the most popular retail trading platforms be left out? On Monday, Reuters reported that E*TRADE from Morgan Stanley, a popular retail trading platform acquired by Morgan Stanley in 2020, would take the lead in distributing SpaceX shares to retail investors. Additionally, the report also said that SpaceX was considering cutting popular up-and-coming retail brokerages Robinhood and SoFi out of the loop, even though both had also pitched the company for a small role in distributing IPO shares. Needless to say, having SpaceX rely solely on a brokerage owned by a major Wall Street investment bank would disappoint retail investors and be very off-brand for Elon Musk. Throughout his career, Musk has cultivated a strong relationship with retail investors and has often preached democratization in everything he's done related to tech and finance. Image source: Getty Images. Fortunately for traders on SoFi and Robinhood, Musk weighed in on these concerns with a simple post on his platform X, formerly known as Twitter, on Tuesday: While Musk didn't elaborate on exactly which retail brokerages would receive shares or how many, it does appear that at least some will be allocated to the popular Robinhood and SoFi platforms. Investors should keep an eye out for SpaceX's upcoming investor prospectus and whether the story and financials justify its $1.75 trillion valuation, which has been rumored in the press. On the other hand, some may merely want to acquire shares based on Musk's reputation as an innovator and SpaceX's reputation as a futuristic space economy leader, ignoring the financials altogether. After all, that's what one of SpaceX's biggest investors did when it invested last summer. Before you buy stock in Robinhood Markets, consider this: The Motley Fool Stock Advisor analyst team just identified what they believe are the 10 best stocks for investors to buy now... and Robinhood Markets wasn't one of them. The 10 stocks that made the cut could produce monster returns in the coming years. Consider when Netflix made this list on December 17, 2004... if you invested $1,000 at the time of our recommendation, you'd have $501,381!* Or when Nvidia made this list on April 15, 2005... if you invested $1,000 at the time of our recommendation, you'd have $1,012,581!* Now, it's worth noting Stock Advisor's total average return is 880% -- a market-crushing outperformance compared to 178% for the S&P 500. Don't miss the latest top 10 list, available with Stock Advisor, and join an investing community built by individual investors for individual investors. Billy Duberstein and/or his clients have no position in any of the stocks mentioned. The Motley Fool has positions in and recommends Tesla. The Motley Fool has a disclosure policy.
Source Code for Anthropic's Claude Code Leaks at the Exact Wrong Time
Anthropic just cannot keep a lid on its business. After details of a yet-to-be-announced model were revealed due to the company leaving unpublished drafts of documents and blog posts in a publicly visible data cache, Anthropic has been hit with yet another lapse in protocol by inadvertently publishing internal source code for its AI coding assistant, Claude Code. The leak provides an unprecedented look into Anthropic's closed-source model just as the company is preparing for initial public offering. The code was discovered by Chaofan Shou, a self-identified intern at Solayer Lab who posts on X @Fried_rice. Per Shou, the source code was discovered a .map fileâ€"a plaintext file generated when compiling software that details the memory map of the projectâ€"found in an npm registry, which is a database for a package manager for JavaScript. The file, meant for internal debugging, is essentially a decoder. It takes what should be obfuscated and recompiles it for the developers. But Anthropic published it, exposing at least a partial, unobfuscated TypeScript source code of Claude Code version 2.1.88. The file contained about 512,000 lines of code related to Anthropic's coding agent. In a less technical manner: Anthropic accidentally gave away some of its blueprints that were never supposed to see the light of day, and programmers have been parsing through it all day. They've claimed to have found everything from "spinner verbs" or phrases that Claude serves up while working through a task, to details like how swearing at Claude affects how it receives a prompt. One person even claimed to have found a hidden "Tamagotchi" style virtual pet that Anthropic may have been working on. (A note on that: It was reportedly set to launch on April 1, so maybe chalk that one up to an April Fool's style bit.) The file also reveals a lot of information on how Claude operates, including its engine for API calls, how it counts tokens used to process prompts, and other technical aspects. What the code does not seem to contain is any details about Anthropic's underlying model, but everything that is in the file has been uploaded to a GitHub repository for users to interact with and fork. Anthropic declined to comment on the discoveries made by users, but did confirm the authenticity of the leaked source code to Gizmodo. In a statement, a spokesperson said, "Earlier today, a Claude Code release included some internal source code. No sensitive customer data or credentials were involved or exposed. This was a release packaging issue caused by human error, not a security breach. We're rolling out measures to prevent this from happening again." Human error was probably part of it, but it's worth noting that the humans working on Claude Code have also been relying on the coding agent quite a bit. Back in December, Anthropic's head of Claude Code, Boris Cherny, posted that "In the last thirty days, 100% of my contributions to Claude Code were written by Claude Code." Reliance on the coding assistant has seemingly been on the rise across the company, so it's possible this situation was an incident of vibe coding too close to the sun. While this isn't exactly Anthropic giving away the ingredients to its secret sauce, it is a look at how its kitchen operates. And the timing couldn't really come at a worse time. Not only is Anthropic in the midst of what appears like a ramp-up to going public later this year, but its competitors are starting to turn their attention to trying to cut into the company's hold on coding and enterprise services. OpenAI has reportedly made a concerted effort to pivot to enterprise and recently offered unlimited access to its Claude Code competitor, Codex. There is never a good time to have your source code leak, but this does seem like a particularly bad time for it.
SpaceX Starlink Satellite Malfunctions, Breaks Apart in Orbit
A Starlink satellite suffered an unidentified anomaly, generating a small field of debris in low-Earth orbit. SpaceX lost contact with one of its Starlink satellites on Sunday due to an in-orbit malfunction, the company confirmed on X. Orbital tracking company LeoLabs later reported debris in the vicinity of the satellite after the event, suggesting that the Starlink satellite likely broke apart in orbit. SpaceX is working to identify the cause of the anomaly, the second such anomaly to affect one of its satellites in just over three months. The company reassured the public, however, that the event doesn't pose a risk to the International Space Station (ISS), the upcoming launch of the Artemis 2 mission, or SpaceX's Transporter-16 mission. The latest incident involved Starlink-34343, which was orbiting Earth at an altitude of approximately 347 miles (560 kilometers) above the surface. SpaceX didn't clarify what type of anomaly affected its Starlink satellite, only that it resulted in a loss of communication. The event was likely caused by an internal energetic source rather than an in-orbit collision with space debris or another object, according to LeoLabs. The company detected tens of fragments within the vicinity of the satellite over its radar site in the Azores, Portugal. "Additional fragments may have been producedâ€"analysis is ongoing," LeoLabs wrote on X. Because the satellite was at a low altitude at the time of the malfunction, the resulting debris will likely deorbit within a few weeks, according to LeoLabs. SpaceX also downplayed any risk posed by debris from its satellite. "Latest analysis shows the event poses no new risk to the [ISS], its crew, or to the upcoming launch of NASA’s Artemis II mission," the company wrote on X. "We will continue to monitor the satellite along with any trackable debris and coordinate with [NASA] and the [U.S. Space Force]." The rocket company also added that the satellite breakup did not threaten the launch of SpaceX's Transporter-16 rideshare mission, which lifted off earlier this morning. The mission is "designed to avoid Starlink with payload deploys well above or well below the constellation," according to SpaceX. The recent malfunction is giving us a serious case of déjà vu. In December 2025, another Starlink satellite experienced an anomaly that caused it to fall out of orbit and tumble its way toward Earth. The satellite suddenly dropped around 2.5 miles (4 kilometers) in altitude and created a small field of debris. There are currently over 10,000 Starlink satellites in orbit, and each is designed to remain operational for around five to seven years. Every day, one or two Starlinks fall back to Earth and break up in the atmosphere. The back-to-back anomalies, however, are not part of Starlink's scheduled demise. "These events illustrate the need for rapid characterization of anomalous events to enable clarity of the operating environment," LeoLabs wrote.
Anthropic Leaks Claude Code, a Blueprint for AI Coding Agents
Anthropic's apparent Claude Code leak looks embarrassing on the surface, but the bigger story is what it exposed: the architecture of a modern AI coding agent. From memory design to permissions and multi-agent orchestration, the leak offers a rare blueprint for how these systems are actually built. For all the talk about frontier AI, it's funny how often the really big reveals still come from the software equivalent of leaving your keys in the door. On March 31, 2026, developers noticed that a published npm package for Anthropic's Claude Code appeared to include a source map pointing to a downloadable archive of the tool's unobfuscated TypeScript source. The discovery was first amplified by Chaofan Shou on X, then quickly mirrored across GitHub, Reddit, and the broader AI-dev internet. Within hours, what had been a closed commercial coding agent was being picked apart in public like a new iPhone on teardown day. The obvious story is that Anthropic had a bad morning. The more interesting story is what the leak appears to reveal: Claude Code is not just "Claude, but in a terminal." It looks much closer to an operating system for software work, with permissions, memory layers, background tasks, IDE bridges, MCP plumbing, and multi-agent orchestration all stacked around the model. That matters because the AI coding race is no longer just about who has the smartest model. It's about who has the best harness. According to the public mirror at nirholas/claude-code, the leaked Claude Code CLI spans roughly 1,900 files and more than 512,000 lines of strict TypeScript, built on Bun with React and Ink for the terminal UI. The repo's architecture docs describe a sprawling system: a huge QueryEngine, a centralized tool registry, dozens of slash commands, persistent memory, IDE bridge support, MCP integrations, remote sessions, plugins, skills, and a task layer for background and parallel work. In other words: not a chatbot wrapper. A product stack. That's the real leak. We've spent the last year watching coding agents get pitched as if the magic were all in the model. Make the model better, give it a shell, sprinkle in a code editor, and voilà: software engineer. But the Claude Code mirror suggests the hard part is everything around the model. Tool permissions. Context loading. State management. Session recovery. Memory hygiene. Background jobs. Team coordination. The stuff that sounds boring right up until your agent nukes a repo, loses the thread, or hallucinates its way into a refactor from hell. And if one theme keeps surfacing from developers analyzing the leaked code, it's memory. One of the sharpest breakdowns came from Himanshu on X, who argued that Claude Code's memory system appears designed less like a giant notebook and more like a constrained retrieval architecture. The key idea is deceptively simple: memory is treated as an index, not storage. A lightweight MEMORY.md or CLAUDE.md-style layer stays resident, but it mostly points to knowledge rather than trying to contain it. Topic files are fetched on demand. Full transcripts aren't hauled back into context wholesale. If something is derivable from the codebase, it often shouldn't be stored at all. That's a subtle but important design choice. Most people imagine "agent memory" as a bigger backpack. Claude Code's memory, at least from the public analysis, looks more like a filing system with a strict librarian. The rest of the pattern is even more revealing. The memory system described by analysts appears to be bandwidth-aware, skeptical, and aggressively self-editing. It doesn't just append more notes forever. It rewrites. It deduplicates. It prunes contradictions. It treats stale memory as a liability, not an asset. And crucially, it seems to separate memory consolidation from the main agent context, which is exactly the kind of detail you only build after learning the hard way that autonomous systems can poison themselves with their own residue. That's the sort of thing competitors care about a lot more than Twitter does. Because this leak, if the mirror is broadly faithful, didn't just reveal some internal implementation trivia. It exposed how one serious AI coding product appears to be solving the central problem of agent reliability: how do you let an AI operate over long stretches of messy, changing work without drowning in context entropy? The answer seems to be: don't trust memory too much, don't store what you can re-derive, and never let the agent's internal scrapbook become more authoritative than the actual code. That's a much bigger deal than "Anthropic leaked code." It also lands at an awkward moment for Anthropic, because Claude Code has been marketed with a strong security and control story. Anthropic's own Claude Code docs emphasize permission prompts, read-only defaults, and sandboxing. Security researchers at Check Point had already disclosed serious Claude Code flaws in February 2026 involving malicious repo configuration and consent bypass. So when a packaging mistake appears to expose the internals of the product a month later, the irony is hard to miss: the company building secure autonomous coding agents may have tripped over one of the oldest problems in software shipping. At the same time, the leak arrives in a market that is already moving toward a split between open-by-design and closed-until-it-breaks. That's where OpenAI's Codex changes the framing. OpenAI has been explicit for months that parts of its coding-agent stack are open source. In May 2025, OpenAI described Codex CLI as a "lightweight open-source coding agent" in its official launch post. Its openai/codex repo is public and Apache-2.0 licensed. By October 6, 2025, OpenAI was saying GPT-5-Codex had been trained specifically for "the open-source agent implementation that powers the Codex CLI," and by February 2, 2026 it was still describing the Codex app as built on the same open-source sandboxing foundation. That doesn't make the Claude Code leak less significant. It makes it more legible. OpenAI is selectively open-sourcing parts of its harness on purpose. Anthropic appears to have disclosed comparable product architecture by accident. The difference isn't just PR. It tells you what each company thinks the moat is. If you open-source the harness, you're betting the advantage lives in the model, the product velocity, the ecosystem, and the distribution. If you keep the harness closed, you're implying the orchestration layer itself is part of the crown jewels. Claude Code's leak matters because it suggests Anthropic believed exactly that, and then had that layer dragged into daylight anyway. There's a second-order effect here, too: leaks like this don't just inform competitors. They educate the entire market. The public mirror didn't stay a dumb archive for long. It quickly turned into an explorable documentation project, complete with architecture guides, subsystem notes, and even an MCP server for navigating the leaked source. That's a weirdly perfect metaphor for the current AI era. The moment the black box cracks open, the community doesn't just stare at the guts. It productizes the teardown. So yes, Anthropic leaked Claude Code. But the real significance is not that developers got to rubberneck. It's that we got a clearer picture of what a modern AI coding agent actually is: not a model with a shell, but a carefully engineered stack of permissions, retrieval, memory discipline, task management, UI design, and orchestration logic. The frontier is moving away from raw intelligence demos and toward systems that can keep their footing over long-running work. Or put differently: the future of coding agents may depend less on how much they can remember than on how well they forget. And if that turns out to be the enduring lesson of the Claude Code leak, Anthropic may have accidentally given the entire industry a free architecture review. If you want, I can do one more polishing pass next to make it even more Neuron-y and tighten a few lines for flow.
Best Crypto to Buy Now as Kraken-Linked SPAC Eyes $10B and Pepeto Outpaces BTC, ETH
A Kraken linked SPAC is searching for a crypto native acquisition target worth up to $10 billion, proving institutional capital hunts for exchange infrastructure at nine and ten figure valuations. That shifts the best crypto to buy now conversation because when billion dollar entities hunt crypto infrastructure, the message is clear. Exchange products are what this cycle rewards. The debate about which entry leads is settled by the capital that flowed in. Pepeto turned the original Pepe concept into $11 billion with zero products. More tools behind a project logically reaches further than what zero tools reached, and more than $8 million committed during fear confirms it. Kraken SPAC $10B Hunt Creates the Strongest Best Crypto to Buy Now Signal A Kraken linked SPAC is searching for a crypto acquisition target worth up to $10 billion, according to CoinDesk. The hunt targets exchange infrastructure as institutional capital flows into crypto platforms. Pantera Capital reported that 2026 will be about real compliance and institutional money, not speculation. When billion dollar entities hunt exchange infrastructure, the reader searching for the best crypto to buy now should see that exchange products are what this cycle rewards, and presale entries with confirmed listings on those exchanges benefit directly. Top Entries Competing for the Strongest Position This Cycle Pepeto After every market correction, the freshest entries with the strongest infrastructure attract the most capital. The debate about which entry leads this cycle is settled. The original Pepe reached $11 billion with zero working products. Pepeto carries a live exchange, verified contracts, and a confirmed Binance listing. More tools behind a project logically reaches further than what zero tools ever reached, and the reader's search confirms the answer. The same person who created Pepe designed every feature on this exchange, and someone from Binance's trading operations built the execution systems. SolidProof tested every contract and confirmed zero issues. Pepeto is the best crypto to buy now because this combination of proven cofounder, live exchange, and confirmed listing does not exist in any other presale. The contract grading system scans any token and flags hidden dangers before capital commits. PepetoSwap matches trades across six blockchains without order book delays. Both products handle real volume on a live exchange today, processing trades while most presale entries carry only future plans. SolidProof cleared every contract, and 420 trillion tokens match the supply that powered Pepe from nothing to $11 billion. The exchange gives the math a working foundation the original never had. More than $8 million entered during fear while a Kraken SPAC hunts exchange infrastructure at $10 billion valuations. Holders earn 190% annual yield through the staking program for positions built before the listing. Analysts project 100x or greater once the confirmed Binance listing opens. With a live exchange behind it, Pepeto represents the kind of entry that made early meme investors wealthy, and the math that zero products reached $11 billion is the debate settler for what more products logically delivers. BTC BTC traded near $67,900 on March 31, according to CoinGecko. Down 47% from highs. Kraken SPAC hunting infrastructure proves institutional commitment grows. Recovery delivers 87%. BTC remains the anchor, but the best crypto to buy now for multiplier returns lives in presale entries with confirmed listings. ETH ETH traded near $2,099 on March 31, according to CoinMarketCap. Down 60% from peak. Fusaka upgrade improving scalability. Recovery to $4,950 delivers 147%. ETH adds infrastructure exposure, but the best crypto to buy now for multiples comes from entries at confirmed listing pricing. Conclusion After this correction, Pepeto may be the freshest entry the market offers. At $0.000000186 with a confirmed Binance listing, it represents the kind of entry that made early investors wealthy as Kraken hunts exchange infrastructure at $10 billion. In a market full of noise, the debate is settled by $8 million during fear and a cofounder who proved $11 billion from nothing. Entering at the Pepeto official website is the decision because more tools behind the project logically reaches what zero tools reached and further, and the listing is where that math delivers for wallets that acted while the debate was still open. Visit Pepeto official website for the best crypto to buy now before listing. FAQs Why does the Kraken SPAC hunting $10B matter for the best crypto to buy now? It proves institutional capital hunts exchange infrastructure. Pepeto benefits with a live exchange and confirmed Binance listing. Is BTC the strongest best crypto to buy now at $67,900? BTC targets 87% to highs. Pepeto targets 100x from one listing at the Pepeto official website. What settles the best crypto to buy now debate? $11B from zero products. More tools reaches further. SolidProof audit, live exchange, confirmed listing. Related Items:best crypto to buy, Bitcoin news, Crypto Market News Today, Ethereum
Reeves and Starmer Government to make £20m a day in tax from Iran war chaos
The Chancellor can expect a multibillion-pound windfall in tax as the war drives up energy prices at petrol pumps War in the Middle East is set to bring in £20m-a-day extra in energy taxes for Rachel Reeves. The Chancellor can expect a multibillion-pound windfall in tax as the war drives up energy prices at petrol pumps. The additional revenue includes billions of pounds levied from North Sea oil and gas profits, power generators and VAT on petrol sales. Now the Government is being urged by lobbying groups to use the cash to shield households and drivers from the spiralling cost of energy as war rages on between Donald Trump and the Iranians. FairFuel UK founder Howard Cox called on ministers to cut fuel duty as the price of petrol is at a 28-month high and diesel hits a record £2 a litre. Household energy bills could also increase by £288 a year in July, according to latest forecasts from analysts Cornwall Insight. But Government sources warned any extra monies from an energy tax windfall will be swallowed up by the increased cost of borrowing since the start of the war. PM Sir Keir Starmer chaired a meeting of the Cobra crisis committee yesterday (Tues) to consider the impact on households and the wider economy from soaring energy costs. Ms Reeves has already indicated that targeted help for poorer households could be available if bills continue to rise. Energy consumers minister Martin McCluskey said: "Tackling the affordability crisis is our number one priority. "I know many families will be thinking about how events in the Middle East might impact the cost of living at home. "We will continue to fight people's corner through this crisis." The increased windfall tax take was based on analysis of Office for Budget Responsibility figures from 2025 by Chris Wheaton, of financial services firm Stifel. A Treasury statement said: "We understand people are worried about how global conflicts could affect the cost of living. "It's still too early to know the full impact of this crisis. "But as the chancellor said, she will take the necessary decisions to support families and protect public finances."
Is E*Trade About to Cut Robinhood and SoFi Out of the SpaceX IPO? | The Motley Fool
Elon Musk's SpaceX is set to issue its IPO prospectus either this week or next, and the company is projected to raise a whopping $75 billion in its upcoming public market debut. In a show of appreciation for retail investors' affinity for Tesla, it has been reported that about 30% of that $75 billion in SpaceX stock will be issued to retail investors. Traditionally, only institutional investors at major mutual funds, hedge funds, and high-net-worth family offices could purchase a newly public company at its IPO price. Often, a newly issued stock rises significantly on its first day of trading, leaving retail investors scrambling to buy more expensive shares. So, allocating 30% of the IPO to retail investors to level that playing field would be a big deal. But will two of the most popular retail trading platforms be left out? On Monday, Reuters reported that E*TRADE from Morgan Stanley, a popular retail trading platform acquired by Morgan Stanley in 2020, would take the lead in distributing SpaceX shares to retail investors. Additionally, the report also said that SpaceX was considering cutting popular up-and-coming retail brokerages Robinhood and SoFi out of the loop, even though both had also pitched the company for a small role in distributing IPO shares. Needless to say, having SpaceX rely solely on a brokerage owned by a major Wall Street investment bank would disappoint retail investors and be very off-brand for Elon Musk. Throughout his career, Musk has cultivated a strong relationship with retail investors and has often preached democratization in everything he's done related to tech and finance. Fortunately for traders on SoFi and Robinhood, Musk weighed in on these concerns with a simple post on his platform X, formerly known as Twitter, on Tuesday: While Musk didn't elaborate on exactly which retail brokerages would receive shares or how many, it does appear that at least some will be allocated to the popular Robinhood and SoFi platforms. Investors should keep an eye out for SpaceX's upcoming investor prospectus and whether the story and financials justify its $1.75 trillion valuation, which has been rumored in the press. On the other hand, some may merely want to acquire shares based on Musk's reputation as an innovator and SpaceX's reputation as a futuristic space economy leader, ignoring the financials altogether. After all, that's what one of SpaceX's biggest investors did when it invested last summer.
Tesla Surges 5%: Delivery Hopes, Terafab, and SpaceX Buzz Are All Converging at Once
Tesla (NASDAQ:TSLA | TSLA Price Prediction) shares are up 5% in Tuesday's session, trading around $373 after opening at $355.28. Three distinct catalysts landed within the same 24-hour window, and the market is treating their convergence as meaningful. That kind of stacked narrative is rare, and it explains why the move has legs even against a difficult recent backdrop. TSLA stock entered today down 21% year to date and off 6.71% over the past week. Today's rally doesn't erase the recent pain, but it suggests that when enough positive news arrives at once, buyers are willing to step back in. So, let's walk through exactly what is driving the move and what investors should be watching as the quarter officially closes. The quarter ends today, and the market is front-running what analysts expect to be a meaningful year-over-year improvement for Tesla. Consensus estimates point to 365,645 vehicles delivered globally in Q1 2026, representing a 9% year-over-year increase. Prediction market traders on Polymarket assign a 76.5% implied probability to Q1 deliveries landing in the 350,000 to 375,000 range, with the formal report expected in early April. Beyond vehicles, Tesla is projecting a record 14.4 gigawatt-hours in energy storage deployments for the quarter. That figure underscores how meaningfully the energy segment has grown as a share of the overall business. For context, the energy segment generated $3.84 billion in revenue in Q4 2025, up 25% year over year, and the trajectory appears to be continuing. Granted, the delivery number still represents a sequential decline from Tesla's Q4 2025's 418,227 units. Investors appear willing to look past that, focusing instead on the year-over-year recovery narrative after a difficult stretch of declining volumes. The bigger strategic headline today is the Terafab announcement. Tesla and SpaceX are planning to build two advanced chip factories in Austin, Texas as part of a "Terafab" project, a collaboration involving Tesla, SpaceX, and xAI to address future chip demand for Tesla's vehicles, Optimus robots, and AI data centers in space. No completion date has been announced, but the intent is clear. The strategic logic is evident. Current global chip supply meets only a small fraction of the projected needs across these three entities, and vertical integration in silicon is increasingly viewed as a competitive necessity. Tesla's AI training compute in Texas is already planned to more than double in H1 2026, which means chip supply constraints are an immediate operational concern, not a distant one. This announcement carries a sentiment score of 0.432553 (bullish) in news sentiment analysis, the highest of the three catalysts driving today's move. The market is treating Terafab as a credible long-term differentiator for Tesla, even without a specific timeline. Tesla CEO Elon Musk denied reports that Robinhood Markets (NASDAQ:HOOD) and SoFi Technologies (NASDAQ:SOFI) would be excluded from the SpaceX IPO, with both stocks rising following Musk's clarification on X. The SpaceX IPO is expected to target a valuation of $1.75 trillion, and prediction markets currently assign 57.5% probability to an IPO occurring by June 30, rising to 90% by year-end. Tesla doesn't own SpaceX, but the two companies share leadership, supplier relationships, and investor mindshare. When SpaceX generates institutional attention, some of that energy flows toward Tesla as the other major Musk-led enterprise. That halo effect is real, even if it is difficult to quantify precisely. Separately, Tesla's Robotaxi service expanded to a new hub in downtown Oakland at the 1900 Broadway apartment tower, marking its second East Bay location. Incremental autonomous vehicle deployment keeps the long-term AI narrative visible for investors tracking execution against Tesla's stated roadmap. You can access our deeper breakdown of the bull and bear cases for TSLA stock. The official Q1 delivery report, expected in early April, will be the next major data point. Wedbush maintains a $600 price target on TSLA, among the highest on Wall Street, while analyst targets range from $438 to $600. One risk worth monitoring is that Iran's IRGC placed Tesla on a list of 18 US companies with threatened Middle East operations, citing Tesla's physical presence in the Gulf region including showrooms and Supercharger stations, with an explicit deadline of April 1. That headline hasn't weighed on shares today, but it bears watching into tomorrow's open.
War gloom over US IPO market; even SpaceX may not save the day
After a first quarter marked by stop-and-start activity for IPOs, talk has turned to the implications of the raging conflict and the lingering effect of artificial intelligence scares. No wonder many listing candidates are sitting on their hands as a possible IPO for billionaire Elon Musk's rocket company, which could come as soon as June and dwarf every other debut, takes shape. The companies that typically make up the backbone of the US initial public offering market are eyeing the Iran war for signs volatility could boil over and wreck their plans. For banks, there's a ray of hope - that SpaceX's potential blockbuster listing could still go ahead, and make their whole year. After a first quarter marked by stop-and-start activity for IPOs, talk has turned to the implications of the raging conflict and the lingering effect of artificial intelligence scares. No wonder many listing candidates are sitting on their hands as a possible IPO for billionaire Elon Musk's rocket company, which could come as soon as June and dwarf every other debut, takes shape. "The situation in Iran has thrown a wrench into things and AI disruption has been pronounced this year," said Evan Riley, Americas head of equity capital markets at BNP Paribas SA. "You've had some hiccups in terms of withdrawn deals - you'll see the complexion of IPOs change a bit." "But if you have mega IPOs come then that changes the entire year because you can easily have a full year of IPO volume in one deal," he said in an interview.
Kiyosaki's unconventional approach to investing: 'I paid for it on my credit card.' How to invest in real estate safely
This article adheres to strict editorial standards. Some or all links may be monetized. As elevated as home prices are these days, buying a house can be a significant challenge even for those with stable income. But for Rich Dad, Poor Dad author Robert Kiyosaki, it's a breeze. During an interview with personal finance YouTuber Sharan Hegde, Kiyosaki stated, "I own 15,000 houses (1)." The median house price in the U.S. was $405,300 in Q4 of 2025, according to the Federal Reserve Bank of St. Louis (2). Hegde asked if Kiyosaki rents out these houses to collect income, to which Kiyosaki simply responded, "Yeah." The famed author elaborated on the topic of purchasing a house, explaining: "Nothing wrong with buying a house. The difference is, I use debt to buy it, and I pay no taxes. It's not the house, it's not the stock, it's not the bond, it's not the ETF. It's your brains." More recently on YouTube, Kiyosaki posted on his own channel about his first investment property -- which he bought using a credit card. "I bought my first piece of real estate on the island of Maui," he said. "One bedroom, one bath. It wasn't quite oceanfront but was pretty close to the ocean. I paid for it on my credit card -- so it was 100% debt financing." Even in those early days, he had no concerns about using credit card debt to pay for housing. "I had none of my own money in the deal and I was still making money (3)." Kiyosaki is referring to a strategy often employed by real estate investors. They often use borrowed money (debt) to finance their purchases. This allows them to acquire more assets than they could with their own money alone. Mortgage interest from these loans can be deducted from taxable income, lowering their overall tax burden. In addition, investors can claim expense deductions for property taxes, property insurance and costs associated with managing and maintaining the property, such as repairs, maintenance and property management fees (4). By leveraging debt and taking advantage of tax deductions, real estate investors can boost their returns while minimizing taxes. If this is an approach you want to take, it should be done with caution -- and hiring a financial advisor is a smart approach. Advisor.com can quickly match you with an advisor who can guide you through your options. Just answer a few quick questions about your investment timeline and goals, and Advisor.com will match you with an advisor who best fits your needs. Kiyosaki distinguishes between income-generating properties and a primary residence, emphasizing they serve different financial purposes. "Your house is not an asset," Kiyosaki said. According to Kiyosaki, there's an easy way to determine if something is an asset. "What is the definition of the word? If it puts money in my pocket, it's an asset. If my house is taking money from my pocket, it's a liability," he explained. By this definition, a primary residence is not an asset. Most homeowners face mortgage payments, property taxes, insurance and maintenance costs, which take money out of their pockets. Instead, real estate should be generating steady, stable returns. Lightstone DIRECT offers accredited investors access to institutional-quality multifamily and industrial real estate -- with a minimum investment of $100,000. Founded in 1986 by David Lichtenstein, Lightstone Group is one of the largest privately held real estate investment firms in the U.S., with more than $12 billion in assets under management. Over nearly-four decades, their team has delivered strong, risk-adjusted performance across multiple market cycles -- including a 27.5% historical net IRR and a 2.49x historical net equity multiple on realized investments since 2004. With Lightstone DIRECT, you gain access to that proprietary deal flow. Here's the kicker: Lightstone invests at least 20% of its own capital in every deal -- roughly four times the industry average. With its skin in the game, the firm ensures its interests are directly aligned with those of its investors. If you're not an accredited investor, crowdfunding platforms like Arrived allow you to enter the real estate market for as little as $100. Arrived offers you access to shares of SEC-qualified investments in rental homes and vacation rentals, curated and vetted for their appreciation and income potential. Backed by world-class investors like Jeff Bezos, Arrived makes it easy to fit these properties into your investment portfolio regardless of your income level. Their flexible investment amounts and simplified process allow accredited and non-accredited investors to take advantage of this inflation-hedging asset class without any extra work on your part. Of course, you can invest in income-producing real estate assets. After all, in an era where passive income has become a big buzzword, one of the most popular ways to create a passive income stream is through real estate -- at least in theory. The good news? These days, you can invest in real estate without becoming a landlord. For instance, necessity-based commercial real estate are properties that serve an essential function - like health-care facilities or grocery stores - making these properties in demand because they are always in need regardless of economic conditions. Real estate investment platform mogul offers fractional ownership in blue-chip rental properties, which gives investors monthly rental income, real-time appreciation and tax benefits -- without the need for a hefty down payment or 3 A.M. tenant calls. Founded by former Goldman Sachs real estate investors, the team hand-picks the top 1% of single-family rental homes nationwide for you. Simply put, you can invest in institutional quality offerings for a fraction of the usual cost. Each property undergoes a vetting process, requiring a minimum 12% return even in downside scenarios. Across the board, the platform features an average annual IRR of 18.8%. Their cash-on-cash yields, meanwhile, average between 10 to 12% annually. Offerings often sell out in under three hours, with investments typically ranging between $15,000 and $40,000 per property. Every investment is secured by real assets, not dependent on the platform's viability. Each property is held in a standalone Propco LLC, so investors own the property -- not the platform. Blockchain-based fractionalization adds a layer of safety, ensuring a permanent, verifiable record of each stake. Getting started is a quick and easy process. You can sign up for an account and then browse available properties. Once you verify your information with their team, you can invest like a mogul in just a few clicks. Join 250,000+ readers and get Moneywise's best stories and exclusive interviews first -- clear insights curated and delivered weekly. Subscribe now. We rely only on vetted sources and credible third-party reporting. For details, see our editorial ethics and guidelines. @FinancewithSharan (1); Federal Reserve (2); @TheRichDadChannel (3); IRS (4)
Anthropic mistakenly leaks its own AI coding tool's source code, just days after accidentally revealing an upcoming mode
Source: Fortune Anthropic mistakenly leaks its own AI coding tool's source code, just days after accidentally revealing an upcoming model known as Mythos By Beatrice Nolan March 31, 2026, 2:15 PM ET The leak comes just days after Fortune reported that the company had inadvertently made close to 3,000 files publicly available, including a draft blog post that detailed a powerful upcoming model that presents unprecedented cybersecurity risks. The model is known internally as both "Mythos" and "Capybara," according to the leaked blog post obtained by Fortune. The source code leak exposed around 500,000 lines of code across roughly 1,900 files. When reached for comment, Anthropic confirmed that "some internal source code" had been leaked within a "Claude Code release." A spokesperson said: "No sensitive customer data or credentials were involved or exposed. This was a release packaging issue caused by human error, not a security breach. We're rolling out measures to prevent this from happening again." The latest data leak is potentially more damaging to Anthropic than the earlier accidental exposure of the company's draft blog post about its forthcoming model. While the latest security lapse did not expose the weights of the Claude model itself, it did allow people with technical knowledge to extract additional internal information from the company's codebase, according to a cybersecurity professional Fortune asked to review the leak. -snip- Read more: https://fortune.com/2026/03/31/anthropic-source-code-claude-code-data-leak-second-security-lapse-days-after-accidentally-revealing-mythos/
How SentinelOne's AI EDR Autonomously Discovered and Stopped Anthropic's Claude from Executing a Zero Day Supply Chain Attack, Globally
Host-based Behavioral Autonomous AI Detection is by far the most effective way to generically see, and stop both Human and/or machine-speed AI Agent based rogue or malicious activities. On March 24, 2026, SentinelOne's autonomous detection caught what manual workflows never could have: a trojaned version of LiteLLM, one of the most widely used proxy layers for LLM API calls, executing malicious Python across multiple customer environments. The package had been compromised hours earlier. No analyst wrote a query. No SOC team triaged an alert. The Singularity Platform identified and blocked the payload before it could run, across every affected environment, on the same day the attack was launched. The LiteLLM supply chain compromise is not an anomaly. It is the new pattern: multi-stage, multi-surface, designed to evade manual workflows at every turn. A compromised security tool led to a compromised AI package, which led to data theft, persistence, Kubernetes lateral movement, and encrypted exfiltration, all within a window measured in hours. SentinelOne detected and blocked this attack autonomously, on the same day it was launched, across multiple customer environments. No manual triage. No signature update. No analyst in the loop for the initial containment. This is what autonomous, AI-native defense looks like when it meets a real-world threat at machine speed. The gap between the velocity of this attack and the capacity of human-driven investigation is the gap where organizations get compromised. Closing that gap is not a feature request. It is an architectural decision. This is what happens when AI infrastructure gets targeted by a multi-stage supply chain campaign, and what it looks like when autonomous, AI-native defense is already in position. Here is what we detected, how the attack was structured, and why this is the class of threat that the Singularity Platform was built to stop. SentinelOne's macOS agent identified and preemptively killed a malicious process chain originating from Anthropic's Claude Code running with unrestricted permissions (). No human developer ran , an autonomous AI coding assistant updated LiteLLM to the compromised version as part of its normal workflow. The AI engine classified the behavior as MALICIOUS and took immediate action: KILLED (PREEMPTIVE) across 424 related events in under 44 seconds. The agent didn't need to know the package was compromised, it watched what the process did and stopped it based on behavior, regardless of what initiated the install. The macOS agent caught the trojaned LiteLLM package mid-execution. The process summary tells the story: launching with a command line containing , the exact bootstrap mechanism described in the attack's first stage, decoding and executing the obfuscated payload in a child process. The agent didn't need a signature for this specific package. It recognized the behavioral pattern, a Python interpreter executing base64-decoded code in a spawned subprocess, classified it as MALICIOUS, and killed it preemptively before the stealer, persistence, or lateral movement stages could deploy. Zooming out on the same detection reveals the full scope of what the autonomous AI agent was doing when the payload fired. The process tree expands from Claude Code (2.1.81) into a sprawling chain: , with hundreds of child events still loadable (304 events captured). This is what unrestricted AI agent activity looks like at the endpoint level: a single command spawning an entire dependency management workflow that pulled, installed, and attempted to execute the trojaned package. The SentinelOne macOS agent traced every branch of this tree, correlated the events back to the root cause, and killed the malicious execution; all while preserving the full forensic record for investigation. The attacker, operating under the alias TeamPCP, never attacked LiteLLM directly. They first compromised Trivy, a widely trusted open-source security scanner, on March 19. From there, they obtained the LiteLLM maintainer's PyPI credentials and used them to publish two malicious versions: 1.82.7 and 1.82.8. A security tool, built to find vulnerabilities, became the vector that enabled the compromise of an AI infrastructure package used by thousands of organizations. The same actor went on to compromise Checkmarx KICS and AST on March 23, and Telnyx on March 27. This was not a smash-and-grab. It was a coordinated campaign that exploited the transitive trust woven through open-source supply chains. For security leaders asking, "Could this have reached us?" the more pressing question is: "How fast could we have answered that?" In one customer environment, SentinelOne detected the infection arriving through an unexpected vector: an AI coding assistant running with unrestricted system permissions autonomously updated LiteLLM to the trojaned version without human review. The update pulled the infected package, and the payload attempted to execute. Our agent blocked it. This is a new class of attack surface that most organizations have not yet scoped. AI coding agents operating with full system permissions can become unwitting vectors for supply chain compromises. The speed and automation that make these tools valuable are the same properties that make them dangerous when the packages they pull have been weaponized. Organizations that have not yet established governance policies for AI assistant permissions are carrying risks they cannot see. SentinelOne's behavioral detection operates below the application layer. It does not matter whether a malicious package is installed by a human, a CI pipeline, or an AI agent. The platform monitors process behavior at the kernel level, which is why this detection fired regardless of how the infected package arrived. Version 1.82.7 embedded its payload in , which executes every time the module is imported. For anyone using LiteLLM as a proxy layer for LLM API calls, this fires constantly during normal operations. Version 1.82.8 escalated. The attacker placed the payload in a file, . Files with the extension are processed by the Python interpreter at startup, regardless of which modules are imported. Any Python script running on a system with this version installed would trigger the malicious code, even if that script had nothing to do with LiteLLM. If version 1.82.7 was a targeted shot, version 1.82.8 was a blast radius expansion. The attacker removed the requirement that the victim actually use the compromised library. The attack was structured as a multi-stage delivery system, each stage decoding, decrypting, and executing the next. The first stage was a minimal bootstrap, a single line of base64-decoded Python launched in a detached subprocess with stdout and stderr suppressed. Lightweight enough to slip past signature-based tools. Quiet enough to avoid raising flags. The second stage was a comprehensive data stealer. It harvested system and user information, cryptocurrency wallets, cloud credentials, application secrets, and system configurations. For practitioners wondering what the blast radius looks like if a developer workstation is compromised, this is the answer: the attacker collects everything needed to move from a laptop to production infrastructure. The third stage established persistence through a systemd user service at , executing a script at . The naming convention, "sysmon," was deliberately chosen to mimic legitimate system monitoring tools. It is designed to survive casual inspection and blend into environments where dozens of services run as expected background noise. This is precisely the kind of evasion that signature-based detection misses and behavioral AI catches: the process looks normal until you observe what it actually does. The persistence mechanism included a 5-minute initial delay before any network activity, a technique specifically designed to outlast automated sandbox analysis. After that, the script contacted its C2 server every 50 minutes, fetching dynamic payload URLs. This sparse communication pattern makes behavioral detection through network monitoring significantly harder, and gives the attacker the ability to push new tooling without ever re-compromising the target. The attack did not stop at the workstation. It created privileged pods across Kubernetes cluster nodes in the namespace, using standard container images like , with , and a privileged security context. By mounting the host filesystem directly, these pods gained root-level access to underlying nodes. Each pod deployed persistent backdoors as systemd services on the host system. The pods operated in legitimate namespaces, used standard images, and ran with privileges that many production workloads legitimately require. For SOC practitioners asking whether their admission control and runtime detection would have caught this: the attack was designed specifically so they might not. Detecting this requires runtime visibility into container behavior after deployment, not just policy enforcement at the admission gate. This is the difference between cloud security that checks configuration and cloud security that watches execution. Stolen data was encrypted using a hybrid RSA and AES-256-CBC scheme. A random 32-byte AES session key encrypted the data, then the session key itself was protected with RSA encryption using a hardcoded public key. This meant the malware could encrypt and exfiltrate without first communicating with the C2 server. The encrypted payload was packaged as and transmitted via a single HTTP POST to , a domain chosen to blend with legitimate LiteLLM API traffic and slip past network monitoring that whitelists expected destinations. The LiteLLM supply chain compromise is not an anomaly. It is the new pattern: multi-stage, multi-surface, designed to evade manual workflows at every turn. A compromised security tool led to a compromised AI package, which led to data theft, persistence, Kubernetes lateral movement, and encrypted exfiltration, all within a window measured in hours. SentinelOne detected and blocked this attack autonomously, on the same day it was launched, across multiple customer environments. No manual triage. No signature update. No analyst in the loop for the initial containment. This is what autonomous, AI-native defense looks like when it meets a real-world threat at machine speed. The gap between the velocity of this attack and the capacity of human-driven investigation is the gap where organizations get compromised. Closing that gap is not a feature request. It is an architectural decision. The LiteLLM detection wasn't a one-off. It's what happens when autonomous, behavioral AI is built into the foundation, not bolted on after the fact. The Singularity Platform's kernel-level visibility across endpoint, cloud, identity, and AI workloads is why the agent saw this regardless of whether the install came from a human, a CI pipeline, or an AI coding assistant. For teams that need the human expertise layer on top, Wayfinder MDR extends that autonomous detection with 24/7 investigation and response, closing the gap between detection and resolution. This is the Autonomous Security Intelligence (ASI) framework in practice: AI that acts at machine speed, backed by human expertise when it matters, across every surface the attack can reach. See how the Singularity Platform protects AI infrastructure and request a demo today.
