Anthropic Scraps Claude Code's Secret Snitch After Dev Reads the Fine Print 👀
Back to feed

Anthropic Scraps Claude Code's Secret Snitch After Dev Reads the Fine Print 👀

Anthropic has removed a hidden tracking system embedded inside Claude Code after a security researcher disclosed that the AI coding assistant was silently flagging users' locations, proxy usage, and possible ties to Chinese AI labs. The feature, discovered in June by developer "Thereallo," used Unicode markers and encoded domain lists buried inside Claude Code's system prompts rather than appearing in any documentation or release notes. "Anthropic probably wants to detect API resellers, unauthorized Claude Code gateways, and model 'distillation attack' pipelines," Thereallo wrote, noting that custom base URLs pointing at known reseller domains and hostnames containing "deepseek" or "zhipu" were treated as useful signals.

Thereallo said the goal of catching resellers, unauthorized gateways, and potential distillation attacks was reasonable, but criticized the implementation. "This is not a malicious feature, but it is a weird choice for a developer tool that asks for trust," the developer wrote. After the post drew attention online, Anthropic engineer Thariq Shihipar confirmed on X that the markers were introduced in March as an "experiment" to stop account abuse by unauthorized resellers and protect Claude from distillation attacks. "The team has landed stronger mitigations since then and we've actually been meaning to take this down for a while," Shihipar wrote. "We merged the [pull request] and this should be fully rolled back in tomorrow's release."

The disclosure lands amid a broader industry fight over model distillation, in which one AI system's outputs are used to train another. Earlier this month, Alibaba banned employees from using Claude Code, labeling the tool "high-risk" software over security concerns. In February, Anthropic accused Chinese AI developers DeepSeek, Moonshot AI, and MiniMax of using fraudulent accounts to extract millions of Claude responses to train competing models, a claim that drew pushback from observers who noted similar techniques are used across the AI sector. In April, Elon Musk testified that xAI had "partly" used OpenAI models while training Grok, calling distillation a broader industry practice.

In June, Anthropic CEO Dario Amodei urged Congress to strengthen protections against foreign AI extraction after alleging Alibaba-linked operators generated 28.8 million Claude exchanges using nearly 25,000 fraudulent accounts. Anthropic did not immediately respond to a request for comment by Decrypt at the time of publication. The removal of the tracking layer closes one chapter of the dispute, though Anthropic's broader campaign to label and counter alleged foreign distillation pipelines remains in motion.

Share:
Publishercryptonewsroom.xyz
Published—
CategorySecurity

Disclaimer: This content is for information and entertainment purposes only. It does not constitute financial, investment, legal, or tax advice. Always do your own research and consult with qualified professionals before making any financial decisions.

See our Terms of Service, Privacy Policy, and Editorial Policy.