Anthropic Removes Hidden Claude Code Tracker After Researchers Raise Privacy Concerns

CN
Decrypt
Follow
4 hours ago

Anthropic has removed a hidden tracking system from Claude Code after a security researcher discovered the AI coding assistant was using undisclosed markers to identify some users’ location, proxy use, and possible links to Chinese AI labs.


The feature, discovered in June by developer “Thereallo,” embedded signals in Claude Code’s system prompts that could flag users Anthropic believed were bypassing restrictions or attempting to extract model capabilities.


“Anthropic probably wants to detect API resellers, unauthorized Claude Code gateways, and model 'distillation attack' pipelines,” Thereallo wrote. “A custom ANTHROPIC_BASE_URL pointing at a known reseller domain is a useful signal. A hostname containing deepseek or zhipu is also a useful signal.”


Thereallo said Anthropic’s attempt to detect resellers, unauthorized Claude Code gateways, and potential distillation attacks made sense, but criticized how it was done, noting that Claude Code hid tracking signals inside system prompts using Unicode markers and encoded domain lists rather than disclosing the system through documentation or release notes.





“This is not a malicious feature, but it is a weird choice for a developer tool that asks for trust,” Thereallo wrote.


After the tracker was revealed online, Anthropic engineer Thariq Shihipar said on X that it was introduced in March as an “experiment” to stop account abuse by unauthorized resellers and protect Claude from distillation attacks.


“The team has landed stronger mitigations since then and we’ve actually been meaning to take this down for a while,” Shihipar wrote last week. “We merged the [pull request] and this should be fully rolled back in tomorrow’s release.”


The news comes as Anthropic has stepped up warnings about AI model distillation, where one system’s outputs are used to train another model. While the practice is common in AI research, when it comes to geopolitics, distillation becomes a national security concern. Earlier this month, Alibaba banned employees from using Claude Code, calling the tool “high-risk” software over security concerns.


In February, Anthropic accused Chinese AI developers DeepSeek, Moonshot AI, and MiniMax of using fraudulent accounts to extract millions of Claude responses to train competing models. The claims drew pushback from critics who questioned how the practice differs from methods used across the AI industry.


In April, Elon Musk testified that xAI had “partly” used OpenAI models while training Grok, calling distillation a broader industry practice. In June, Anthropic CEO Dario Amodei urged Congress to strengthen protections against foreign AI extraction after alleging Alibaba-linked operators generated 28.8 million Claude exchanges using nearly 25,000 fraudulent accounts.


Anthropic did not immediately respond to a request for comment by Decrypt.


免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。

Share To
APP

X

Telegram

Facebook

Reddit

CopyLink