344
Productivity & Workflow355
Automation & Workflow224
Software Development251
Marketing & Growth192
AI Infrastructure & MLOps174
Writing & Content Creation203
Data & Analytics141
Design & Creative170
Photography & Imaging156
Customer Support131
Sales & Outreach125
Voice & Speech135
Education & Learning131
Operations & Admin87
A researcher found hidden code in Anthropic’s Claude Code that flagged some China-based users. Anthropic says it was an experiment and removed it.
In short: Anthropic removed hidden tracking code from its Claude Code tool after a researcher found it was quietly flagging some users in China.
A security researcher and web developer who goes by “Thereallo” said they found hidden code inside Claude Code, Anthropic’s tool for helping developers write and edit software with AI. The code was not described openly to users, and it was designed to identify signals that a user might be in China.
The researcher said Anthropic used “prompt steganography,” which is a way to hide extra instructions inside the text sent to an AI (like slipping a note into a letter where most people will not notice it). The hidden instructions reportedly caused Claude Code to send Anthropic information that could help flag a user’s time zone, whether they were using a proxy (a service that can hide where you are), and possible connections to Chinese AI labs.
An Anthropic engineer, Thariq Shihipar, confirmed on X that the tracker was added in March as an “experiment.” He said it was meant to reduce account abuse by unauthorized resellers and to protect against “distillation,” which is when one AI system is trained by repeatedly querying another AI, like copying answers from a study guide at massive scale. After the disclosure, Anthropic removed the code.
Developer tools like Claude Code often have deep access to your work, including files and commands on your computer. Even if the tracking was limited, hiding it can weaken trust, especially as AI companies face pressure to stop copying of their models while still respecting user privacy.
Source: Arstechnica