Claude Code Leak and a WordPress Killer (AI Weekly Roundup)

This week’s AI weekly roundup covers four stories that actually move the needle for marketers and creators: Anthropic accidentally leaked the entire Claude Code source, everyone hit the new usage limits at the same time, Cloudflare dropped a WordPress alternative nobody saw coming, and Anthropic quietly previewed a model that can find zero-day vulnerabilities on its own.

Here is what happened, why it matters, and what I actually think.

Anthropic Leaked the Entire Claude Code Source

On March 31, Anthropic shipped an npm release missing one tiny config file. That mistake exposed a 59.8 MB source map. Inside it was roughly 512,000 lines of unobfuscated TypeScript across 1,906 files.

The full agent loop. The permission system. The safety prompts. Feature flags gating 20+ unshipped capabilities. Even an unreleased autonomous daemon mode called KAIROS.

Source: VentureBeat coverage of the leak

Ryan’s Take: The model is not the moat, the scaffolding is. Claude Code wins because of the agent loop, the permission system, and the skills architecture wrapped around the model, not the model itself.

Claude Code Usage Limits Are Hitting Everyone

Starting March 26, Anthropic started draining the 5-hour session window faster during peak hours (8 AM to 2 PM Eastern, weekdays). Same query, more pain, if you work when everyone else works.

The community response has been a flood of token-saving tips. Batch your prompts instead of firing three in a row.

Reference specific files with @filename instead of dumping the whole repo into context. Kill MCP servers you do not need (one server can eat 18,000 tokens per message). Push heavy refactors to nights and weekends.

Source: Anthropic’s official usage limits doc

Ryan’s Take: Most people are burning tokens on context bloat they never look at. Audit your MCPs this weekend and you will probably cut your usage by 30% without changing how you work.

Cloudflare Just Built a WordPress Killer

On April 1, Cloudflare dropped EmDash, a full stack serverless CMS built on Astro 6.0 and written entirely in TypeScript. The pitch is security. WordPress plugins are responsible for 96% of the security issues on WordPress sites.

EmDash fixes this by running every plugin inside a sandboxed Cloudflare Worker with explicit capability bindings. If a plugin did not declare it needs file access in its manifest, it does not get file access.

Cloudflare rebuilt the whole thing from scratch with AI coding agents, used zero WordPress code, and shipped it under the MIT license.

Source: Cloudflare’s official EmDash announcement

Ryan’s Take: This is not another AI tool wearing a costume, 95% of those are white labeled ChatGPT with a 10x markup. EmDash is actually different, but the architecture is right and the ecosystem is empty, so the real question is whether Cloudflare can convince developers to port.

Anthropic Previewed Claude Mythos and Launched Project Glasswing

On April 7, Anthropic dropped two announcements at once. The first is Claude Mythos Preview, a frontier model that can discover and exploit zero-day vulnerabilities in major operating systems and web browsers on its own. The second is Project Glasswing, a defensive program that gives security researchers and critical infrastructure operators early access to Mythos so they can find and patch holes before the model ships broadly.

Anthropic is essentially saying the next generation of AI can break things at a scale no human red team can match, so they are giving the defenders a head start.

Source: Anthropic’s Claude Mythos Preview writeup

Ryan’s Take: This is the first AI release where the launch post is also a warning label. If you run any kind of web infrastructure for clients, the next 12 months are about closing every dumb vulnerability before AI finds it for someone with bad intent.

What This Means for Marketers

Four stories, one theme. The next 90 days are about discipline, not output volume.

The Claude Code leak proved that scaffolding beats raw model power. The usage limits are forcing everyone to stop wasting tokens on context bloat.

EmDash is a reminder that the AI infrastructure layer (real infrastructure, not white label slop) is where the next wave of tooling is actually being built. And Mythos plus Glasswing is the canary in the coal mine for anyone running client websites without a real security posture.

If you want the same toolkit and workflows I use to run client work, my newsletter, and ryandoser.com, grab my Free AI Marketing Guide here.

Get The 20+ Claude Skills That Run My Business

Get Instant Access