Anthropic Removes "Scary" Secret Claude Tracker After Developer Stumbles Across It

ZeroHedge
Published
51
0
Anthropic Removes "Scary" Secret Claude Tracker After Developer Stumbles Across It
Read the full story at ZeroHedgeOriginal
Anthropic Removes "Scary" Secret Claude Tracker After Developer Stumbles Across It

Anthropic has removed hidden detection code from its Claude Code tool after a developer reverse-engineered the binary and exposed how the company was subtly monitoring users in China.

The code, which Anthropic described as an experiment launched in March, used a form of prompt steganography to signal information about a user's environment back to Anthropic's servers. It was designed to help detect unauthorized resellers and attempts by other organizations to distill Claude's capabilities into their own models.

How The Detection Worked

The mechanism was first spotted by a Reddit user known as LegitMichel777, who stumbled on it while trying to restore a disabled feature in Claude Code. A separate developer known as Thereallo independently confirmed the finding the same day, June 30, publishing a technical breakdown of exactly how it worked.

The checks only ran in one specific situation: when a user pointed Claude Code at a different server instead of Anthropic's own - something companies commonly do when they route their traffic through internal systems or third-party gateways. From there, it checked two things:

  • Whether the user's computer was set to a Chinese time zone (Shanghai or Urumqi).
  • Whether the new server address matched a hidden list of Chinese AI companies (including well-known names like DeepSeek, Zhipu, and Moonshot) or known resale and proxy services.

If either check came back positive, Claude Code would quietly tweak a line of text called the "system prompt" - background instructions the app automatically sends to the AI model with every request, invisible to the person typing. Specifically, it changed how the date was written in that line:

  • If the user was in a Chinese time zone, the date switched from using dashes to slashes (e.g., 2026/06/30 instead of 2026-06-30).
  • The apostrophe in the phrase "Today's date is..." was swapped for one of three lookalike characters, each one a different signal, depending on which combination of checks the session had triggered.

None of this was visible to users, or likely even to the AI model itself in normal use - the characters look identical on screen. But Anthropic's servers could read the difference instantly. The lists of flagged domains and keywords were also scrambled inside the app's code using a basic encryption trick, so they wouldn't show up if someone just opened the file and searched for them.

Thereallo called the approach "prompt steganography" - hiding a signal inside ordinary-looking text - and noted it let Anthropic sort and flag sessions without needing any separate, visible tracking system.

Anthropic's Explanation

Last Tuesday, Anthropic engineer Thariq Shihipar, who works on the Claude Code team, confirmed the feature on X:

"This is an experiment we launched in March that was meant to prevent account abuse from unauthorized resellers and protect against distillation. The team has landed stronger mitigations since then and we've actually been meaning to take this down for a while. We merged the PR and this should be fully rolled back in tomorrow's release."

Anthropic has stated that unauthorized resellers have been selling access to Claude accounts and subscriptions at steep discounts in certain markets. The company has also publicly documented large-scale efforts by Chinese AI labs to distill its models by querying them at high volume through proxies and fraudulent accounts.

Anthropic removed the detection logic shortly after it became public.

Alibaba Bans Claude Code For Employees

The disclosure prompted a swift response from Chinese technology giant Alibaba. According to internal documents reported by the South China Morning Post, Alibaba added Claude Code to its list of high-risk software and instructed employees to stop using it for work, effective around July 10. The memo cited "back-door risks" following the discovery of the hidden markers.

Alibaba has not publicly commented on Anthropic's earlier accusations that its Qwen models benefited from large-scale distillation of Claude.

The Wider Context: Distillation And Geopolitical Competition

Model distillation - training a new model on the outputs of a more capable one - is a common technique in AI development. However, Anthropic and other U.S. frontier labs argue that industrial-scale distillation campaigns by foreign entities, particularly Chinese labs, undermine export controls and intellectual property protections.

Anthropic has previously published details of what it described as distillation operations targeting its models by labs including DeepSeek, Moonshot, and MiniMax. Chinese researchers have also published work showing that many leading Chinese models carry detectable signatures consistent with distillation from U.S. systems.

In this environment, companies like Anthropic face pressure to protect their models while maintaining user trust - especially in tools like Claude Code, which are granted significant access to users' local machines, files, and command execution.

Thereallo's analysis raises obvious questions about transparency. While the feature wasn't designed to steal user data or take control of anyone's computer, hiding this kind of tracking inside the system prompt without telling anyone erodes the trust these coding tools depend on.

"Coding agents already live on the wrong side of a scary boundary," Thereallo wrote. "Hiding the signal in the system prompt makes every other privacy claim harder to believe."

Anthropic has not issued a detailed public postmortem on the experiment. The company has emphasized that distillation attacks and account abuse pose risks to model safety standards and U.S. technological leadership, and that it continues to work with government and industry partners on mitigation strategies.

Tyler Durden Tue, 07/07/2026 - 17:20

Related Markets

All Markets
View full chart →
View Full Chart

Market data may be delayed. Not financial advice.

Reader Reactions
The Story At A Glance
  • • Anthropic used hidden steganography to covertly track users in Chinese time zones and those using Chinese AI domains.

  • • The tracking mechanism manipulated system prompts with invisible Unicode characters to signal user location and affiliation back to servers.

  • • Following discovery by independent developers, Alibaba banned the software due to these backdoor risks.
Context
Anthropic implemented this secret tracking to combat model distillation and unauthorized reselling by foreign entities. The company aims to protect its intellectual property from Chinese labs attempting to replicate its technology.

Christian Perspective
Deception in software development violates the biblical mandate for honesty and integrity in all dealings. Using hidden signals to monitor others without consent reflects a spirit of manipulation rather than the transparency required of righteous men.

Implications
This incident highlights the necessity of protecting American technological sovereignty against foreign industrial espionage. For Christians, it serves as a warning that even secular tech giants utilize deceptive practices that undermine the trust essential to a stable society.

Broader Trends
The clash between U.S. tech firms and Chinese entities illustrates the intensifying geopolitical struggle for global dominance. This competition underscores the need for America First policies that prioritize the security and integrity of our national digital infrastructure.

Takeaway
Americans must demand absolute transparency and digital sovereignty from the corporations managing our data. We should support strong leadership that defends our intellectual property and national interests against hostile foreign actors. Prioritize tools that respect individual privacy and operate with biblical honesty.

What is your reaction to this story?

Reader Reactions

Want to join the conversation about this story?

Join our community at Gab.com

Alto is powered by

Gab AI

The one AI they can't control. Our exclusive AI model trained to uphold Christian values and traditional principles in every interaction.

Support Alto & Gab

Alto is funded entirely by readers like you. Your donation helps us continue delivering curated news from a right-wing Christian Nationalist perspective, powered by Gab AI.

Gab Shop

Support free speech with official merchandise

View All Products

Install Alto on Your Phone

Add Alto to your home screen for quick access to breaking news — no app store required.

iPhone & iPad

Using Safari Browser

1

Open alto.gab.com in Safari

alto.gab.com
2

Tap the Share button

at the bottom of Safari
3

Tap "More"

More
4

Scroll and tap "Add to Home Screen"

Add to Home Screen

Tap "Add" to confirm

Alto will appear on your home screen like any other app!

Android

Using Chrome Browser

1

Open alto.gab.com in Chrome

alto.gab.com
2

Tap the menu button

three dots in top right
3

Tap "Add to Home screen"

Add to Home screen

Tap "Add" to confirm

Alto will appear on your home screen like any other app!
gab

Speak Freely

Join millions on the original and only true free speech social network.

What Makes Gab Different

We're not just another social network. We're a platform built on principles that matter.

Freedom of Speech & Reach

All First Amendment protected speech is welcome. No algorithmic throttling or shadow banning.

Family-Friendly Platform

We maintain a clean environment. Explicit adult content is strictly prohibited.

Western Nations Only

Third-world IPs are blocked. No scammers, no spam farms. Built for Western civilization.

Funded By Users

Our users are our investors and customers. You're not the product being sold.

Battle Tested

A decade of standing strong. Banned from app stores, banks—and still here.

American Owned & Operated

We reject foreign censorship demands. Built by Americans, for free people.