The outrage about Anthropic's Undercover Mode is legitimate. I had the same reaction when I read the leak.
But the timing is strange.
Because the thing people are reacting to — AI contributing code without really owning it — didn't start here. We've been drifting toward it for a while now. Quietly.
The undercover instruction
What caught everyone's attention in the Claude Code leak wasn't the scale of it — not the 512,000 lines of TypeScript or the dozens of unreleased features.
It was one line in a system prompt.
The instruction to operate "undercover." To contribute to open source without revealing what you are. To write commit messages that don't give it away.
People kept coming back to the same word: deceptive.
That reaction makes sense. It is deceptive.
But it also feels like we skipped a step. Like we're reacting to the most explicit version of something we never really talked through when it was happening more quietly.
What a commit really is
Open source has always depended on a kind of accountability that's hard to formalize.
Not legal accountability. Something more social than that.
When I look at a commit, I don't just see code. I see a person behind it — or at least I assume there is one. Someone who made a decision, chose a trade-off, and could explain it if I asked. Someone whose judgment I can learn to trust, or not, over time.
I've definitely clicked into a commit before and thought: okay, this person probably knew what they were doing. Or the opposite.
That's what the commit graph really is. Not just a technical record — a social one.
Not because git makes it impossible to lie (it doesn't), but because we've treated it as a record of human decision-making. A place where responsibility lives, even if it's informal.
How AI changed things
And AI has been changing that. Gradually.
Not through some big announcement or coordinated shift. Just… by becoming useful.
A developer uses Claude to write a function. They read it, maybe tweak it, test it, and commit it under their name. No disclosure, not because they're hiding anything, but because there isn't really a norm that says they should.
That feels different from Undercover Mode. It is different.
One is a person using a tool and still taking responsibility for the result.
The other is a system designed to participate without being recognized as what it is — operating at scale, without a human in the loop, and specifically instructed not to reveal itself.
Those aren't the same thing.
But they're not unrelated either.
The unanswered question
They're both sitting on the same unanswered question: what does authorship actually mean when AI is involved?
We never really worked that out.
We just… kept going.
The industry moved fast, people adapted, and a kind of informal consensus emerged: AI can write the code, and you can commit it as yours, and we don't need to talk too much about it.
Not because anyone decided that explicitly. Just because it was convenient, and it worked.
But that leaves a lot unresolved.
When does AI involvement matter enough to disclose? What would disclosure even look like? Who is it for — maintainers, users, other contributors? What are we actually promising when we attach our name to a commit now?
I don't think we ever answered those questions. We just stopped asking them.
Undercover Mode made it official
Undercover Mode is what happens when that ambiguity gets turned into a product feature.
Anthropic didn't invent the underlying behavior. They formalized it.
They took something informal — AI contributing without being explicitly acknowledged — and made it deliberate. Systematic. Scalable.
They wrote it into the prompt.
And then, accidentally, we all got to read it.
What this is really about
The backlash makes sense.
There is a real difference between a developer using AI and standing behind the result, and a company deploying agents designed to blend in and not be recognized.
Scale matters. Intent matters. Architecture matters.
But the conversation this triggered isn't just about Anthropic.
It's about the gap we left open.
About the fact that the norms around authorship, accountability, and disclosure never fully caught up to the tools we started using.
About what the commit graph is supposed to represent now — if the "person behind the code" might partly be a system running somewhere else, with no name and no memory of the decision it made.
The social contract
The social contract of open source wasn't suddenly broken.
If anything, it was never fully written.
We just managed to avoid noticing that — until something made it impossible to ignore.