Two events from the last month landed on top of each other and tell the same story from opposite ends.
Anthropic shipped Claude Code v2.1.88 with a source map left inside the npm package. 59.8 MB of unminified TypeScript, 1,900 files, 512,000 lines of code. Their internal codename for the next iteration, KAIROS — an autonomous daemon that consolidates memory in idle, multi-agent, voice mode — was exposed. The full roadmap. And, in the same window, customer behavior was visibly cracking under their rate limits: 5-hour sessions burning out in 90 minutes, bugs inflating token usage 10–20×.
OpenAI shipped Codex CLI as Apache 2.0 from day one. Public on GitHub: 67,000 stars, 400+ contributors, 2 million users. Twenty-plus community plugins. Triggers that go issue → fix → PR without a human in the loop. In the same window, OpenAI's valuation moved from $122B to $852B.
The temptation is to read this as a morality tale about open source. It is not. The lesson is much narrower and more useful: in the current AI cycle, closed code does not build a moat. It builds a single point of failure. The defensibility lives somewhere else, and the companies that figure out where get to keep their lead.
Open builds network. Closed builds fragility.
The Codex CLI numbers — 67K stars, 400+ contributors, 20+ plugins — are not a vanity metric. Each plugin is a switching cost. Each Trigger is a customer integration that would have to be rebuilt to leave. Each contributor is a developer who has internalized OpenAI's mental model and is now distributing that model into other teams.
The moat is not the code. The moat is the network the code attracts.
OpenAI gives away the CLI and charges for the runtime. That trade is operationally correct: the marginal cost of distributing the CLI is zero, the marginal cost of running models is non-zero, and the strategic value of having 67,000 developers commit to your architecture is enormous. Every plugin written is a small bet on OpenAI staying around. Every Trigger added is one more team that has stopped considering alternatives.
The mirror image is what is happening to Anthropic right now. Claude Code is technically excellent. The product is good. But the relationship is one-sided: customers depend on Anthropic, and Anthropic depends on its customers staying. There is no plugin ecosystem absorbing the company's decisions. There are no community Triggers that would make leaving expensive. When something breaks — and the rate-limit incidents are showing that something is breaking — customers don't have sunk cost in the form of integrations they would have to rebuild. They just leave.
The KAIROS leak is the surface event. The deeper signal is that Anthropic has spent the last year building product without building network, and the gap is now wide enough to see from the outside.
Closing does not protect the roadmap. It exposes it.
The most ironic part of the leak is what got exposed. Anthropic wanted KAIROS to be a surprise — a competitive reveal. The whole thesis of closed source is that you can keep your roadmap private until you ship.
A .npmignore file failed once and the entire roadmap went public. Not paraphrased. Not summarized. The actual TypeScript files that define the architecture.
Meanwhile, Codex publishes its features openly in GitHub Discussions. Anyone can see what is coming. Anyone can vote on what should come next. The information that was supposed to be Anthropic's competitive advantage is, in Codex's case, a marketing channel.
When the closed approach works, it gives you one quarter of surprise. When it fails, it costs you the entire roadmap and the trust that you can keep secrets. The expected value of "secrecy as moat" is worse than the expected value of "transparency as community-building", and the leak just demonstrated it numerically.
Rate limits as anti-moat
The Anthropic story includes a smaller incident that I think is more revealing than the leak itself: the rate-limit collapse.
Claude Code customers had been operating in sessions of around 5 hours. Anthropic tuned rate limits and pricing. Suddenly the same workload was hitting limits in 90 minutes. Bugs in the agent were inflating token usage 10–20×. The math of "agentic developer tooling" stopped working for a meaningful chunk of users.
This is what I mean by anti-moat. The company that built dependency on long autonomous sessions then made long autonomous sessions economically unworkable. The customers who were furthest invested — the ones running production workloads through Claude Code — are the ones who got burned hardest. They're not loyal users anymore. They are users with a story about why they should never trust Anthropic with a critical workflow again.
Compare to Codex's incentive: more usage is more revenue, but the architecture of community-built plugins distributes the cost surface. If Codex's pricing breaks for one workflow, three plugins will appear within a week that route around it. The community absorbs the friction. Anthropic, with no community, has to take the friction onto its own brand.
The pattern repeats inside the company
The same dynamic that distinguishes open from closed vendors plays out, in miniature, inside organizations.
Teams that share evals, prompts, and error logs across product surfaces compound. Teams that hoard context inside silos do not. The companies that scale agents into production fastest are not the ones with the best model contract; they are the ones whose internal teams are organized to pass context across handoffs without losing it.
The moat, inside a company as much as inside a vendor, is the network. The internal API between teams is more decisive than the external API to the LLM. The companies that treat context as a shared substrate accumulate institutional knowledge that compounds. The companies that treat it as a team-level asset lose it the moment a key person leaves.
This pattern looks small at the team level and identical at the vendor level. Open ecosystems compound. Closed ones leak.
What to do with this
If you are choosing between vendors in 2026, I would not weight the model leaderboards heavily. They move every quarter and the gap between the top three is within noise for most production workloads. I would weight three other things.
Community size and behavior. Is there a plugin ecosystem? Are external developers actively building on top? When a feature is missing, does a community fix it within a week or does the vendor need to ship in six months? OpenAI's Triggers and the Anthropic MCP community are both signs of healthy network effects. Vendors without a community are vendors without leverage.
Failure recovery. When this vendor has a bad week — bad model, bad pricing change, bad outage — how easy is it for your team to keep working? If the answer is "we stop", the vendor is single-source critical infrastructure and you have not built a defensible system. You have rented one.
Roadmap behavior. Does the vendor publish what is coming? Are you allowed to vote on priorities? Or do you find out about the next version when it ships? The vendors who publish openly are signaling that they trust their community more than they fear their competitors. That is the team you want building the thing under your product.
Closing
The closed approach assumes that the value is in the code. In 2026, the value is in the network the code attracts. The vendors that understand this distribute generously and charge upstream. The vendors that don't are running a clock down to the next leak.
The lesson for operators is simpler than it sounds. Build with vendors whose roadmap you can read. Build with tools whose communities you can join. Build internal systems whose context is shared, not hoarded. The moat is the relationship, not the algorithm. And the relationship compounds in only one direction.