“ Round 20 April 7–8, 2026

• Source ID: src-20260409-f5e09e325670
• Kind: analysis
• Scope: shared
• Origin: community-analysis
• Raw path: sources/raw/round-20-april-7-8-2026__src-20260409-f5e09e325670.md
• Status: active

Summary

Community analysis document covering Claude Code architecture, internals, and leak analysis. See extracted entities and claims below.

Tags

analysis

Extracted entities

• ent-20260409-d3922fa59086 Operon Desktop Mode (service): Unreleased science research workspace for biology/healthcare discovered March 27
• ent-20260419-a1b2c3d4e501 CVE-2026-35020 (issue): Unpatched critical (CVSS 8.4) command injection in Claude Code's which.ts comman
• ent-20260419-a1b2c3d4e502 CVE-2026-35022 (issue): Unpatched credential exfiltration vulnerability in auth.ts credential-helper pat
• ent-20260419-a1b2c3d4e503 CVE-2026-35021 (issue): High-severity (CVSS 7.8) command injection in promptEditor.ts editor-launch path
• ent-20260419-a1b2c3d4e504 Phoenix Security Kill Chain (concept): Single exploitation chain linking CVE-2026-35020 (TERMINAL env injection, zero u
• ent-20260419-a1b2c3d4e505 CVE-2026-31861 (issue): CVSS 8.8 command injection in the @siteboon/claude-code-ui adjacent-tooling pack
• ent-20260419-a1b2c3d4e506 CVE-2026-34714 (Vim tabpanel RCE) (issue): CVSS 9.2 remote code execution in Vim discovered by Claude Code in ~2 minutes fr
• ent-20260419-a1b2c3d4e507 GNU Emacs Git Forever-Day (issue): Zero-day dating back to 2018 in how GNU Emacs interacts with Git; exploitable si
• ent-20260419-a1b2c3d4e508 Linux Kernel 23-Year Vulnerability (issue): Linux kernel vulnerability present for ~23 years, surfaced by Nicholas Carlini (
• ent-20260419-a1b2c3d4e509 12 Boring Primitives Framework (concept): Nate Jones' architectural framing of Claude Code as '20% LLM, 80% plumbing,' org
• ent-20260419-a1b2c3d4e50a Nate Jones (person): Analyst whose YouTube breakdown and Substack deep-dive of the Claude Code leak p
• ent-20260419-a1b2c3d4e50b Nicholas Carlini (person): Research scientist at Anthropic. Used Claude Code to surface a 23-year-old Linux
• ent-20260419-a1b2c3d4e50c Hung Nguyen (Calif AI Red Teaming) (person): Security researcher at Calif AI Red Teaming who sent Claude Code a one-sentence
• ent-20260419-a1b2c3d4e50d Dark Code Thesis (concept): Forbes-coined category for AI-agent-authored code that compiles, passes tests, a
• ent-20260419-a1b2c3d4e50e CVE-2026-2796 Autonomous JS Engine Exploit (document): Published on red.anthropic.com/2026/exploit/. Claude autonomously wrote a full W
• ent-20260419-a1b2c3d4e50f Jonny Teardown (document): Engineer 'Jonny (good kind)' teardown of the leaked Claude Code source, elevated
• ent-20260419-a1b2c3d4e510 Anthropic IPO Timeline (Q4 2026) (concept): Anthropic's reported Q4 2026 (October) IPO target at $380B valuation (post-$30B
• ent-20260419-a1b2c3d4e511 Anthropic VDP 'Informative' Disposition (decision): Anthropic Vulnerability Disclosure Program disposition closing CVE-2026-35020 an

Extracted claims

• clm-20260419-a1b2c3d4e601 [fact]: Three CVEs on v2.1.91 chain into no-click credential+MEMORY.md exfiltration
• clm-20260419-a1b2c3d4e602 [pattern]: All five known Claude Code CVEs share CWE-78 (OS command injection via unsanitized string interpolation)
• clm-20260419-a1b2c3d4e603 [metric]: Claude Code discovered a Vim RCE zero-day in 2 minutes from a one-sentence prompt
• clm-20260419-a1b2c3d4e604 [fact]: Claude Code surfaced a 23-year Linux kernel vulnerability from an open-ended prompt
• clm-20260419-a1b2c3d4e605 [hypothesis]: Claude Code is 20% LLM call and 80% plumbing (12 primitives)
• clm-20260419-a1b2c3d4e606 [fact]: Permission tiers in Claude Code evaluate per tool call, not per session
• clm-20260419-a1b2c3d4e607 [pattern]: Workflow state and conversation state are stored separately so compaction preserves task memory
• clm-20260419-a1b2c3d4e608 [constraint]: Token budget is checked before each turn, not after
• clm-20260419-a1b2c3d4e609 [pattern]: Tool calls emit events to all listeners simultaneously — no polling
• clm-20260419-a1b2c3d4e60a [pattern]: Verification is a separate model call, not a self-check in the main loop
• clm-20260419-a1b2c3d4e60b [fact]: Claude Code does not load all 40 tools into every context
• clm-20260419-a1b2c3d4e60c [fact]: Six role-specialized agent types each have their own context budget and tool subset
• clm-20260419-a1b2c3d4e60d [observation]: Anthropic invested in what Claude Code can do, not in what it produces
• clm-20260419-a1b2c3d4e60e [observation]: Undercover Mode makes dark code invisible to AI-attribution audit tooling
• clm-20260419-a1b2c3d4e60f [fact]: Claude autonomously constructed addrof+fakeobj from WebAssembly GC type confusion
• clm-20260419-a1b2c3d4e610 [metric]: Claude Code at $2.5B ARR drives 80% enterprise share within a $19B Anthropic ARR
• clm-20260419-a1b2c3d4e611 [decision]: Anthropic declined to patch TERMINAL/apiKeyHelper chain, citing 'controlling TERMINAL implies code execution'
• clm-20260419-a1b2c3d4e612 [metric]: 18 independent security modules protect the Bash tool alone

Extracted relations

• rel-20260419-a1b2c3d4e701: CVE-2026-35020 --[contains]--> Phoenix Security Kill Chain
• rel-20260419-a1b2c3d4e702: CVE-2026-35022 --[contains]--> Phoenix Security Kill Chain
• rel-20260419-a1b2c3d4e703: Phoenix Security Kill Chain --[depends_on]--> CVE-2026-35020
• rel-20260419-a1b2c3d4e704: Anthropic VDP 'Informative' Disposition --[blocks]--> CVE-2026-35020
• rel-20260419-a1b2c3d4e705: Anthropic VDP 'Informative' Disposition --[blocks]--> CVE-2026-35022
• rel-20260419-a1b2c3d4e706: Phoenix Security --[owns]--> Phoenix Security Kill Chain
• rel-20260419-a1b2c3d4e707: Hung Nguyen (Calif AI Red Teaming) --[caused]--> CVE-2026-34714 (Vim tabpanel RCE)
• rel-20260419-a1b2c3d4e708: Claude Code --[caused]--> CVE-2026-34714 (Vim tabpanel RCE)
• rel-20260419-a1b2c3d4e709: Claude Code --[caused]--> GNU Emacs Git Forever-Day
• rel-20260419-a1b2c3d4e70a: Nicholas Carlini --[caused]--> Linux Kernel 23-Year Vulnerability
• rel-20260419-a1b2c3d4e70b: Claude Code --[caused]--> Linux Kernel 23-Year Vulnerability
• rel-20260419-a1b2c3d4e70c: Nate Jones --[owns]--> 12 Boring Primitives Framework
• rel-20260419-a1b2c3d4e70d: 12 Boring Primitives Framework --[summarizes]--> Claude Code
• rel-20260419-a1b2c3d4e70e: 12 Boring Primitives Framework --[supports]--> 7-Agent Feature Model
• rel-20260419-a1b2c3d4e70f: 12 Boring Primitives Framework --[supports]--> Bash Security Pipeline
• rel-20260419-a1b2c3d4e710: Dark Code Thesis --[depends_on]--> Undercover Mode
• rel-20260419-a1b2c3d4e711: Jonny Teardown --[related_to]--> CVE-2026-35020
• rel-20260419-a1b2c3d4e712: Jonny Teardown --[related_to]--> CVE-2026-35022
• rel-20260419-a1b2c3d4e713: CVE-2026-2796 Autonomous JS Engine Exploit --[related_to]--> Anti-Distillation Defenses
• rel-20260419-a1b2c3d4e714: Anthropic IPO Timeline (Q4 2026) --[informed_by]--> Source Map Leak (March 31, 2026)
• rel-20260419-a1b2c3d4e715: Anthropic IPO Timeline (Q4 2026) --[depends_on]--> Claude Code
• rel-20260419-a1b2c3d4e716: CVE-2026-31861 --[related_to]--> Claude Code