Technology

Everything You Write Down Eventually Gets Read

Encoding what a team knows makes people faster, and it also builds the record that testifies against you. Three leaks this week show both sides.

Manish Singh/July 16, 2026/5 min read

Most of what a team knows never gets written down. It lives in the head of whoever has been there longest, and you learn the rule only by breaking it. Your pull request comes back rejected because it used the wrong framework, or the feature you shipped ignored an architectural pattern that nobody ever put on paper.

Boris Cherny, who built Claude Code at Anthropic, calls that rejection a failure of automation, and on the engineering point he is right. His argument runs in three moves.

  • Automation and developer tooling have always been the highest-leverage work an engineer does, because they multiply one person's output.
  • Moving a fix into code, a lint rule, a CI step, a routine, closes a whole class of problem permanently instead of solving the same instance over and over.
  • Encoding domain knowledge as infrastructure lets newcomers, and even non-engineers, contribute on day one.

None of this is new, and the honest version of the post says so. "Don't Repeat Yourself" is the spine of The Pragmatic Programmer. Google's site reliability engineers have a whole doctrine about capping and automating away toil, the repetitive manual work that should be engineered out of existence. Linting in CI catches a convention violation once and forever. End-to-end suites replaced the manual smoke test years ago. What agents add is a rung the old tooling could never reach. Types and lint rules can only express what fits in types and lint rules. A model reading prose can absorb the unwritten conventions, the architectural intent, the reasons behind a decision, if you bother to write them into a CLAUDE.md or the open AGENTS.md format or a skills folder. The knowledge that used to live in someone's head becomes a file.

I like the argument. I also notice that Cherny himself reportedly runs a fairly plain setup and says Claude Code works well out of the box, which sits a little awkwardly next to the instruction that every team should be writing extensive infrastructure. Files rot. A stale rule misleads an agent more confidently than no rule at all. And "coding is solved" is a large claim carrying a lot of weight it has not yet earned. But the core move is sound: turn tacit knowledge into a durable artifact so the next person, or the next agent, can read it without asking anyone.

Here is where the week turned that principle over and showed me its other face. The same file that makes your team fast can be read by anyone who gets hold of it.

The code that named its own sources

A hacker breached the AI music generator Suno and handed internal data to Jason Koebler at 404 Media. According to that reporting, the attacker used a supply chain attack in November to take over an employee's credentials, then pulled source code from 2023 and 2024 that spells out how the company built its training set. The code did not hint. It named the sources.

Screenshot of Python code calling prep_data followed by commented dataset totals in hours
The leaked screenshot lists hours of audio per source in code comments, including 113,879 hours from YouTube Music and thousands more from Genius, Deezer, Pond5, IMSLP and others.

The comments read like an inventory: 113,879 hours of youtube_music, 17,615 hours of genius_hq, 62,117 hours of pond5_music, 19,514 hours of imslp, 12,287 hours of deezer, 152,162 hours of a bucket called ytm_tagged, separate columns for lyrics and foreign lyrics. One file tracked more than two million music clips already ingested. The reporting says the code specified hunting for acapella versions of songs on YouTube to train vocal generation, and that Suno appeared to scrape via Bright Data, a company that sells scraping tools.

Suno's public line is that its models were trained on "publicly available music files and related metadata accessible on third-party websites on the open Internet." That phrasing is doing a great deal of work. In its own court filings, the company put it less delicately, saying its training data includes "essentially all music files of reasonable quality that are accessible on the open internet, abiding by paywalls, password protections, and the like." The RIAA sued Suno and Udio in June 2024, and the labels' argument leans on the DMCA: deliberately circumventing YouTube's anti-scraping protections is not the same thing as picking up files lying in the open. Warner settled and struck a licensing deal in November; Universal and Sony were still litigating.

I will keep the caution honest. Every figure here traces to one hacker and one outlet. Suno confirms a breach but calls the code outdated and no longer in use, and says no sensitive user data was exposed. Treat the numbers as reported, not proven in court. But notice the shape of it. A company can say "publicly available" in a press statement, and the statement is a claim. The code is the record. When the record leaks, the claim does not survive contact with it. This is Cherny's principle read from the wrong end of the telescope: encode everything, and you have also written your own deposition.

The argument that a real secret would leak

Which brings me to the leak logic itself, and to JD Vance. On Joe Rogan he explained why he doubts the United States government holds alien remains. "If we have literal space alien remains in the custody of the United States government," he said, "there is no way that that wouldn't get leaked, that wouldn't leak out in some way." He also claimed to be really into the subject, then seemed unfamiliar with its basic stories, and promised, as he keeps promising, to get to the bottom of it.

The "it would have leaked" line is a comfortable one, and I do not accept it on its own authority. The Suno case is a small, useful data point in the opposite direction. Things do leak, yes, but they leak because someone wrote them down and someone else broke in, and what surfaces tends to confirm exactly what was being denied. Silence is not evidence of an empty vault. Large classified programs have stayed dark for years, and the person telling you a secret is too big to keep is usually the person who benefits from you not looking.

The underlying claim came from David Grusch, the former intelligence officer who told a House Oversight subcommittee in July 2023 that the US had recovered "non-human biologics" from crash sites and run a decades-long concealment program. That is testimony under oath, not a tweet. Meanwhile Vance's own framing has wandered: skeptical in 2024, floating "spiritual forces" in 2025 and naming Marco Rubio as a longtime believer, then telling a friendly show in 2026 that he thinks the objects are demons and that he had been obsessed with the files before the economy got in the way. The convenient position, the one that lets everyone stop asking, is the government's nothing-to-see-here. That is the claim I trust least. The disclosure theater around it does not reassure me either: registered Aliens.gov domains, a UAP Disclosure Act modeled on the JFK records law and then stripped down before it could bite. A pledge to get to the bottom of it, repeated across three years at the tippy-top of the classification system with nothing produced, is not curiosity. It is cheap.

The fake that leaves no trace by design

Then there is the anti-record, the thing built specifically so there is nothing real to read. James Franco resurfaced after years of silence with an account posting cryptic videos about alien friends and something not human in his garage, building to a grainy July "reveal" of a grey figure loitering outside his house. The follow-up shows the same grey hanging around a window behind him while he stands in his kitchen in a Bound for Glory shirt.

TikTok screenshot of a man in a kitchen with a dark window behind him showing a faint grey figure
The follow-up clip shows the same faint grey figure staged in the dark window behind him, matching the superimposed look critics flagged in the first video.

This one is staged, and I will say so plainly rather than gesture at both sides. The original footage was superimposed and looked it. Coverage across the entertainment press read it the same way, as a person in a mask and a low-fi stunt in Franco's old performance-art register, most likely tying into a Cloud9 film directed by Christian Guiton, one of the few accounts Franco follows. The Hollywood Reporter could not even get his representatives to confirm the account is genuinely his. There is no instrument, no chain of custody, no data. That matters, and not only because Franco carries a 2021 sexual-misconduct settlement of about 2.2 million dollars that makes any re-entry stunt worth reading skeptically. It matters because a manufactured hoax riding the UAP news cycle is precisely the kind of thing that gets waved around later to discredit witnesses who actually saw something and filed a report. Keep it in its own bin. It is noise pretending to be signal.

What ties the four together is what each one does with a record. The engineer builds one deliberately so the next person can read it. The company builds one and prays no one ever does. The politician insists a record that damning could never have stayed hidden, which is the assertion, not the proof. The actor manufactures the appearance of one and hopes you cannot tell the difference.

A firm that writes its methods into code has already lost the argument the day someone reads the code, which is why the denial always arrives before the breach and never outlives it. The secrets worth wondering about are the ones careful enough never to be written down, because those are the only ones the leak logic cannot reach.