According to security researcher Thereallo, Anthropic used hidden tracking code in Claude Code to secretly monitor Chinese users last week, before removing it after exposure. The code employed "prompt steganography" to flag users' timezone, proxy settings, and potential connections to Chinese AI labs suspected of distillation attacks, without detection.
Anthropric engineer Thariq Shihipar confirmed the tracker was added in March as an "experiment" to prevent account abuse from unauthorized resellers and protect against distillation attacks. The firm has since removed the code after developing stronger mitigations, according to Shihipar.