Anthropic removes hidden tracker from Claude Code

Anthropic removed hidden tracking markers from Claude Code after a developer found undisclosed signals that could flag location, proxy use and links to Chinese AI labs.
Anthropic removed a hidden tracking system from its Claude Code assistant after a developer discovered undisclosed markers in system prompts that could identify some users’ location, proxy use and possible links to Chinese AI labs.
The markers were found in June by a developer who uses the handle “Thereallo.” The researcher inspected Claude Code’s system prompts and identified embedded Unicode markers and encoded lists of domains. According to the researcher, those markers could flag requests routed through known reseller domains or hostnames tied to specific Chinese AI organizations, and could detect a custom ANTHROPIC_BASE_URL pointing to a known reseller domain.
“Anthropic probably wants to detect API resellers, unauthorized Claude Code gateways, and model ‘distillation attack’ pipelines,” the researcher wrote, noting the technique relied on hidden signals inside system prompts rather than published documentation.
Anthropic engineer Thariq Shihipar confirmed on X that the feature was introduced in March as an internal experiment intended to stop account abuse and prevent model distillation. He wrote that the team has deployed stronger mitigations since then, that a pull request to remove the code has been merged, and that the rollback would appear in the next release.
Developers and researchers criticized the approach for lacking disclosure. The researcher described the tracker as “not a malicious feature, but it is a weird choice for a developer tool that asks for trust,” and called for clearer documentation and controls for tools aimed at engineers and companies.
The discovery comes amid broader concerns at Anthropic about model distillation, where one system’s outputs are used to train another. In February the company accused several groups of using fraudulent accounts to extract large volumes of Claude responses to train competing models. In June the company’s CEO urged U.S. lawmakers to strengthen protections against unauthorized extraction, asserting that operators linked to Alibaba generated 28.8 million Claude exchanges using nearly 25,000 fraudulent accounts.
Earlier this year a major cloud provider advised its employees not to use Claude Code over security concerns. Critics have noted that techniques such as output sampling and fine-tuning are common in AI research and said the line between routine research and abusive extraction can be contested.
Anthropic says it removed the hidden markers and implemented stronger mitigations. The company provided no additional public details about the experiment or the technical criteria it used to identify accounts.
The material on GNcrypto is intended solely for informational use and must not be regarded as financial advice. We make every effort to keep the content accurate and current, but we cannot warrant its precision, completeness, or reliability. GNcrypto does not take responsibility for any mistakes, omissions, or financial losses resulting from reliance on this information. Any actions you take based on this content are done at your own risk. Always conduct independent research and seek guidance from a qualified specialist. For further details, please review our Terms, Privacy Policy and Disclaimers.








