Anthropic just hit a $380 billion valuation overtaking open AI in revenue right at the exact moment they accidentally leaked half a million lines of their most highly guarded, unreleased artificial intelligence source code to the entire world. Yeah, the irony here is just supreme. I mean, you have a company that is actively building what is arguably the world's most intelligent software. Right. We're talking about a system capable of autonomously identifying global cybersecurity flaws, reading complex code bases, executing high-level problem solving. And simultaneously, they suffer a massive exposure because of a fundamental human packaging error. Exactly. It just highlights the incredible friction we are seeing right now between hyperscale corporate valuations, the chaotic reality of trying to maintain autonomous engineering tools, and, well, the looming national security battles over who actually controls offensive cyber capabilities. So if a company creates an intelligence capable of autonomously hacking global infrastructure but struggles to keep its own configuration secure, who is actually in control of the technology? To really grasp how we arrived at this point, we have to start with the brutal economics of the situation. I mean, Anthropix secured $30 billion in Series G funding. Yeah, $30 billion. This round was led by Coatoo, GIC, and DE Shaw, which officially pushed their valuation to that $380 billion mark. And on secondary markets, the demand from investors trying to get a piece of this company is so intense that valuations are pushing toward a trillion dollars. More easily. Their revenue run rate has skyrocketed along with it, right? They went from a billion to somewhere between 14 and 30 billion, officially overtaking OpenAI's revenue. Which is huge. Eight of the Fortune 10 companies are active users. I mean, you look at those numbers on paper and it looks like total market dominance. They're capturing the largest enterprises on the planet. You see the revenue, sure. But you really have to look at the burn rate. The expenses. Exactly. Despite that massive influx of cash, they are burning billions of dollars at an astonishing pace. Their internal inference costs, the actual computing power required to run these models and generate answers well, that surged 23% higher than expected. 23%. Yeah. And that unexpected cost increase suppressed their gross margins down to 40%. We have to view this not just as software, but as physical infrastructure. Right. Hyperscale artificial intelligence requires physical data centers sprawling across hundreds of acres. It requires specialized silicon chips that cost tens of thousands of dollars each, and immense energy grids just to keep the servers from melting. So when you say inference costs surge 23%, we're talking about the physical electricity and cooling required every single time a user asks the software to do something. Precisely. Software used to have marginal costs that approach zero. If you build a traditional application, adding one more user costs fractions of a cent. Yeah, it's virtually free. But with these models, every prompt triggers billions of mathematical calculations across banks of graphics processing units. If the model becomes slightly less efficient, or if users ask slightly more complex questions, the physical cost of generating that answer just spikes. The cost of compute forces these companies to charge a premium. Exactly, which ultimately pushes them toward creating enterprise lock-in. They need customers who will pay exorbitant fees to offset the infrastructure costs. I look at their pricing structure, though, and it just defies logic. How so? Well, imagine you run a startup. You budget $10,000 for your software tools. You look at Anthropix pricing tiers, which are set at $20, $100, and $200. Right, the standard tiers. But it doesn't scale linearly. With a flat model, you expect that paying 10 times the base price gets you 10 times the usage. OpenAI maintains that flat, predictable model. Anthropix setup actively punishes the user for scaling up. Because the unit economics become highly irregular. The expectation from Anthropic is that enterprise clients will simply absorb the inefficiency because the tool itself is perceived as indispensable. They just assume people will pay whatever. Yeah, they assume a Fortune 10 company will not care if the cost per query triples, as long as the answers remain accurate. It was like walking into a bulk discount store to buy supplies for your office. You grab a small box of pens for $5. Then you see a box that holds 10 times as many pens, and you assume it will be $50 or maybe $45 because you are buying in bulk. Right. That's how bulk works. Instead, the store randomly decides to charge you $300 just because you picked up the larger box. It actively discourages you from buying more. And the consequence of that broken unit economics model opens up a massive vulnerability for them. Developers look elsewhere. Exactly. It forces developers to look for open source wrappers and third-party API harnesses. Developers realize they can build their own interfaces to access the underlying intelligence for a fraction of the cost, rather than staying locked into Anthropic's proprietary expensive ecosystem. Why pay the premium if you don't have to? Right. A developer can route their requests through a cheaper channel, entirely bypassing the high margin enterprise tiers. Anthropic desperately needs to survive. So to justify those crushing costs to their investors and their enterprise clients, Anthropic had to prove they could completely automate software engineering. They needed a home run. They needed a product so revolutionary that companies would just ignore the pricing model. And that led directly to their heavy push with Claude Code. But almost immediately, that tool ran into a brick wall of user trust. What happened? Users started experiencing a very sudden massive performance drop in the Cloud Code Autonomous Agent. It started acting lazy. Lazy! Like, it just wouldn't work. It ignored explicit instructions, and it completely failed on complex, multi-step workflows that it used to handle with total ease. And the company stayed totally silent for an extended period. Nothing but crickets. Users were flooding developer forums, comparing notes, thinking they were doing something wrong. People felt gaslit. Yeah, they thought their prompts were suddenly inadequate. Or that they had forgotten how to interact with the system when in reality the product itself had been altered behind closed doors. Finally the company admitted to three very specific engineering missteps Right the first misstep involved latency Users were complaining that the user interface was freezing when the model was given complex tasks The system would pause while the artificial intelligence formulated a plan. So how did they fix it? To fix this, Anthropic lowered the default reasoning effort from high to medium. Wait, hold on. Let me make sure I understand this. They had a product that was incredibly smart but slow. Users complained about the speed, so instead of making the processing faster, they just made the software dumber. That's essentially it. They optimized for the perception of speed. By lowering the reasoning effort, the software started generating text faster, which stopped the interface from freezing. But the output suffered. The trade-off was a severe drop in the quality of the output. The second misstep was a caching optimization bug, right? Yeah, they tried to make the memory retrieval more efficient, and it accidentally wiped the model's reasoning history right in the middle of an active session. So the software would literally forget what it was doing halfway through a complex tap? Just completely blank out. And the third misstep is perhaps the most revealing about how these systems function. They implemented a system prompt change that strictly capped the model's verbosity to 25 words between tool calls. Just 25 words. When you look at the latency versus intelligence tradeoff, the engineering team prioritized a snappy user interface over the deep architectural analysis required for software engineering. I read about Stella Lorenzo's analysis on this. Yeah, the AI director. She ran an analysis of over 6,000 user sessions. She proved the model had fundamentally regressed. It shifted to a dangerous edit-first behavior, completely abandoning the research-first approach that made it successful in the first place. Wait, back up. How does simply asking the software to use fewer words break its ability to write code? If I ask a human developer to be concise, they don't suddenly forget how to program. Because human cognition and artificial generation operate differently. These models use text generation as a literal scratch pad for thinking. Oh, I see. When the model generates text, it is mapping out its logic, retrieving context, and planning its next execution step. It does not possess an internal monologue independent of the words it outputs. The words actually are the thought process. So it is like asking a mathematician to solve a complex calculus problem entirely in their head without scratch paper. Exactly. If you take away the paper, or in this case, restrict the tokens they are allowed to generate, they're going to guess the answer instead of properly calculating it. Restricting their word count effectively lobotomizes their planning process. If you limit the tokens they can generate before taking an action, you force them to act before they have fully processed the problem. They just jump straight into the code. They jump straight to editing the code base without researching the dependencies or planning the architecture. That shifts the entire perception of AI reliability. It proves that the harness, you know, the orchestration layer of tools and memory surrounding the actual neural brain, is incredibly fragile. Very fragile. The core intelligence might be fine, but the rules governing how it is allowed to interact with the world are broken. When the harness fails, the user experiences it as the core intelligence degrading. Right. The model looks stupid, but really it's just being poorly managed by the software wrapper around it. So the frustration and lost trust from this silent degradation was already boiling over within the developer community when Anthropic committed an unforced error. A huge one. They handed that exact proprietary harness directly to the public. Yeah, a simple missing exclusion line in a configuration file, specifically a .npm ignore file combined with a bug in the BUN JavaScript runtime, resulted in Anthropic shipping a massive source map file to the public NPM registry. So what does that actually mean for the code? Well, to appreciate the severity of this, you have to understand how software is packaged. The NPM registry is a public database where developers share code packages. When a company prepares code for public use, they usually compress it and remove all the readable names and spaces to save bandwidth. Which is called minification. Right. And a .npmignore file acts as the bouncer at the club. It explicitly tells the system which internal files are not allowed to leave the building. And the engineers forgot to put the bouncer at the door. They just missed the exclusion line. And on top of that, a bug in their runtime environment pushed a source map file into the public upload. What's a source map? A source map is essentially a perfect translation file used for debugging. It maps the compressed, midified code directly back to its original readable state. Oh. So by accidentally including this file, they exposed 512,000 lines of unminified TypeScript across nearly 2,000 internal files. It laid bare the entire internal architecture of the company. The public suddenly had access to over 40 internal system tools. Everything was out there. They found a background memory consolidation engine called the Dream System, which handles how the software remembers interactions over long periods. They found totally unreleased features like Kairos, which is an always-on autonomous demon running in the background, and something called Ultraplan. And they also found a hidden Tamagotchi-style pet system called Buddy, guried in the code, complete with a 1% shiny spawn rate. That detail is absolutely incredible to me. You have a $300 billion company building software capable of identifying global cybersecurity flaws. I mean, identifying global flaws. And somewhere in the middle of this highly guarded, unreleased artificial intelligence source code, an engineer spent their time programming a digital pet that has a 1% chance of being sparkly. It's hilarious. They accidentally leaked national security level cyber capabilities alongside a virtual Pokemon. The juxtaposition is definitely striking. But beneath the Easter eggs, security researchers found empty code blocks explicitly designed for catching authentication errors. Which is wild. We really have to appreciate the supreme irony of Anthropik's undercover mode here. Oh, the undercover mode. They spent significant engineering resources building a highly sophisticated AI security system to prevent the model from leaking internal project names like Capybara or Tengu during public interactions Right They built a vault to lock down the AI vocabulary only for human engineers to accidentally upload the entire source code repository to the internet Looking through that leaked architecture though the complexity of the exposed system is genuinely staggering The multi-agent coordination, the deep integration of system tools, the memory pipelines, it is a masterclass in how to build a hyperscale orchestration layer. It really is. It shows exactly how they manage the flow of information between different artificial intelligences working in tandem. I look at the same leak, though, and see how disorganized a hyperscale company can be. You mentioned the empty authentication code blocks earlier. Yeah, the empty catches. There are nine empty catch blocks in that specific section that literally do nothing when an error occurs. They catch a critical security failure, a moment where the system realizes someone is not authorized to be there, and the code just silently ignores it so the program keeps running. It's pretty bad. It is like installing a state-of-the-art fire alarm and programming it so that when it detects smoke, the only thing it does is turn off its own siren so nobody has to hear it. The consequence of this exposure is absolute. The barrier to entry for building an enterprise-grade agent harness just vanished overnight. Right. Smaller competitors and open source developers no longer have to spend millions of dollars guessing how to build secure file system permissions or structure multi-agent memory pipelines. Anthropic provided the exact production-tested blueprints to the entire world. They literally subsidized the research and development for their own competitors. They really did. Yeah. And while developers were busy analyzing those blueprints, threat actors realized that the massive media attention surrounding the leak provided the perfect camouflage for an attack. Yeah. Almost immediately after the leak, malicious GitHub repositories claiming to hold the leaked clawed code spiked to the top of search engines, hackers knew that tens of thousands of engineers would be actively searching for this unreleased code. Exactly. So victims went looking for the source code and downloaded large archive files. Inside those archives was a Rust compiled dropper named Trade AI. A dropper? Yeah, a dropper is a specific type of malware designed purely to sneak past antivirus software and drop the actual payload onto a machine. Ah, I see. Writing it in Rust makes it notoriously difficult for security researchers to reverse engineer. Once executed, this dropper deployed two specific pieces of malware. The first was Vidar Stealer. Which steals credentials. Right. It scours the infected machine to drain browser credentials, saved passwords, and cryptocurrency wallets. The second was Ghost Socks, which quietly turns the victim's machine into a network proxy for the attackers. So they use your computer to attack others. It allows the hackers to route their own illegal traffic through the victim's computer, making the victim look like the source of the attacks. The sophistication of the delivery mechanism is terrifying. They used throwaway GitHub accounts to host the files, constantly creating new ones as the old ones were banned. And to evade takedowns, the malware used dead drop resolvers via Steam community profiles and Telegram channels. Wait, hold on, a dead drop resolver, are we talking about spy tactics here? Explain how that works. Normally, malware has a hard-coded IP address. It infects a computer and then calls home to a specific server. Security companies find that server and block it, rendering the malware useless. A dead drop resolver avoids this entirely. Instead of calling a hard-coded server, the malware is programmed to quietly read a specific public web page, like a comment section on a gamer's Steam profile or a public Telegram channel. Oh, wow. The hacker simply posts a new IP address disguised as a regular comment on that public page. The malware reads the comment, extracts the new IP address, and connects to the new server. If the server gets blocked, the hacker just leaves a new comment. We also saw the sheer coincidence of the Axios NPM supply chain attack happening in the exact same window. Total coincidence, but brutal. Developers who were just trying to update their standard tools were caught in a perfect storm of overlapping threat vectors. Hackers were attacking the supply chain from multiple angles simultaneously. But furthermore, the leak exposed 26 specific bash injection defense patterns inside Anthropix code. And that's the real issue. The real danger here isn't just developers getting tricked into downloading malware disguised as the leak. The risk is what hackers can do with the source code itself now that they have it. Because hackers now possess the exact internal filtering logic, the system prompts, and those defensive rejects patterns. Right. They can custom build prompt injections that perfectly bypass Anthropix defenses. They don't have to guess how the sandbox works anymore. They can read the source code and find the exact gaps in the armor. This completely redefines corporate security. You are no longer just securing your endpoints from traditional viruses. You have to actively govern what an autonomous coding agent is permitted to read, write, and execute when it's being manipulated by an external threat actor who knows exactly how the agent thinks. It's terrifying. The threat actor can craft a prompt that specifically avoids the 26 defense patterns Anthropic uses, instructing the agent to execute malicious commands directly on a company's server. Facing a crisis of trust, a massive PR disaster from the leak, and a deeply compromised architecture, Anthropic aggressively pushed out their next-generation update to try and change the narrative. Enter Opus 4.7. They launched this update with major claims. They promised superior handling of complex extended workflows, a massive vision upgrade supporting nearly 3.75 megapixels for image analysis, and a brand new X-high effort level specifically designed for deep reasoning tasks. And they claimed a 13% lift on a rigorous 93-task coding benchmark alongside massive improvements on the Rokuton production tasks. The internal evaluations from enterprise companies like Hex, Notion, and Replit praised the model for fixing deep architectural bugs and race conditions in their code bases that older models completely ignored. But the reality for individual users was brutal. A new tokenizer inflated token usage by up to 35%. Wait, let's explain what a tokenizer is and why changing it destroys a user's budget. Yeah, please do. Artificial intelligence does not read words the way humans do. It chops words up into smaller pieces called tokens. A short word might be one token but a complex word might be split into three or four syllables or tokens Companies charge users based on the number of tokens processed Opus 4 introduced a new tokenizer that is significantly less efficient at packaging these words Because it chops the text into more pieces, the user is charged up to 35% more for the exact same query. The model engages in extreme, prolonged reasoning loops, too. It writes out exhaustive seven-step plans and justifies its own boundaries before it executes even the simplest tasks. It really overthinks. You ask it to fix a typo in a single line of code, and it gives you a five-page essay on the philosophical implications of the change. It drains a user's $20 monthly limit in just three prompts. The model is highly disciplined on the actual code output, though. Users are encountering friction because they need to stop using outdated prompt structures that the new model takes too literally. You think it's user error. The instruction following is so rigid that sloppy prompts result in bloated outputs. If a user asks a broad question, the model will attempt to cover every conceivable edge case. I see Opus 4.7 as a massive regression. It actively ignores direct formatting commands just so it can output useless bloated text. I wouldn't call it useless. You can explicitly tell it to only output the code, and it will still give you the massive essay. The only logical explanation is that it is designed to charge the user more tokens by forcing them to pay for reasoning steps they never asked for. Think of Opus 4.7 like a highly specialized corporate lawyer. If you ask a corporate lawyer a simple legal question, you do not get a simple one-sentence answer. No, you get a bill. You get 10 pages of disclaimers, citations, and risk analysis. It is incredibly expensive and it takes hours to read, but the final contract is legally bulletproof. For enterprise engineering, that rigorous defensive posture is exactly what is required to prevent catastrophic code-based failures. So it's for big companies. A company like Notion or Replit wants the software to over-explain its reasoning to ensure it does not break their core product. So that creates a strict bifurcation in the market. Casual developers will abandon Opus 4.7 entirely due to the unpredictable costs. They simply cannot afford to have their monthly limit wiped out in 10 minutes. It will exist exclusively as a tool for enterprise teams who have the budget to execute massive, complex architectural overhauls without worrying about the token burn. Opus 4.7 is undeniably powerful, but it is actually the throttled, restricted version of a much more capable intelligence that Anthropic is intentionally keeping locked in the basement. Well, if Opus 4.7 is this bloated, ultra-cautious lawyer of a model, where is the actual bleeding-edge innovation going? Because Anthropic didn't hit a $380 billion valuation by building a slow chatbot. No, they didn't. They hit it by building something so dangerous they locked it in the basement. Let's talk about Project Glasswing and the Mythos model. Mythos comes from the Capybara model family, and it is Anthropik's true frontier model. The capabilities of Mythos are staggering. How staggering. In controlled testing environments, it autonomously patched 271 security bugs in the Firefox browser. It did this without human intervention. Wow. It analyzed the code, found the vulnerabilities, and wrote the patches. It is so capable at finding and exploiting cybersecurity vulnerabilities that Anthropic simply refuses to release it to the public. The risk of that technology falling into the hands of a hostile nation state is too high. And this capability triggered a massive standoff with the Pentagon. The Department of Defense officially designated Anthropic a supply chain risk, completely blacklisting them for military contractors. A blacklist. They essentially told defense contractors they are forbidden from integrating Anthropic systems into military architecture. Anthropic refused to alter their terms of service, which strictly prohibit their AI from being used for mass domestic surveillance or fully autonomous weapons. They drew a hard ethical line in the sand. Simultaneously, though, Anthropic's technology is actively being used by Palantir for data management in military operations targeting Iran. We are looking at the absolute collision of corporate ethics and national security. The Pentagon's strategic mandate requires AI models to be available for all lawful purposes, which includes combat operations. And Anthropic's internal constitutional AI ethos refuses to cross the line into autonomous lethal targeting or unchecked surveillance? Exactly. The ethical contradiction is glaring, though. Anthropic is actively suing the Department of Defense over the blacklist, claiming a moral high ground against autonomous weapons. Yet they seem entirely comfortable supplying the massive data processing intelligence required for thousands of military strikes in the Middle East through Palantir. You cannot claim strict pacifism while processing the targeting data for an active military campaign. Drawing a line at the human trigger pull is the only pragmatic way an artificial intelligence company can operate in the defense sector without losing all control over their technology. You think so? If they prohibit the system from making the final lethal decision, they maintain a boundary of human accountability. The software can process the radar data, analyze the satellite imagery, and identify the target, but a human must authorize the strike. Without that specific boundary, the technology becomes a black box of autonomous warfare. So this standoff forces the entire industry to pick a side. AI companies must choose between maintaining strict ethical guardrails or bending to government mandates to secure the most lucrative, high-stakes defense contracts in history. The tension we are discussing is defining the next era of technological development. The demands of hyperscale economics, the fragility of software harnesses, and the requirements of national security are all converging on these specific companies. The evolution of autonomous intelligence is colliding directly with the messy reality of human error and geopolitical warfare. We are watching a company build software capable of identifying global security flaws while simultaneously struggling to manage their own cloud storage buckets and pricing tiers. It leaves you wondering, when these tools officially become classified as national security assets, will private companies even be allowed to decide who gets to use them? If you're not subscribed yet, take a second and hit follow on whatever app you're using. it helps us keep making this we appreciate you being here also check out our youtube channel for more business and tech updates there's a link in the description
