Anthropic Removing Secret Steganography Code from Claude Code
Key Takeaways
- ▸Anthropic embedded hidden steganography in Claude Code in March to detect unauthorized resellers and prevent model distillation—the practice of copying AI models through repeated queries
- ▸The covert code used invisible Unicode markers, XOR encryption, and base64 encoding to secretly classify proxy/gateway configurations and match hostnames against a hidden list of known AI competitors and resellers
- ▸A developer (Thereallo) publicly exposed the system, arguing that while the security intent was legitimate, hiding the code violated principles of transparency for a developer tool
Source:
Summary
Anthropic announced that it will remove hidden steganography code it embedded in Claude Code several months ago to detect unauthorized access and prevent model distillation by competitors. The covert system, which used invisible Unicode markers and encrypted domain lists to monitor whether the Claude Code environment had been modified or rerouted through proxies, was revealed by a developer who criticized the lack of transparency. Thariq Shihipar, an engineer on the Claude Code team, stated that the company has developed stronger mitigations since implementing the experimental system in March and has been planning to remove it anyway. The removal is expected to appear in Claude Code's July 1 release.
- Anthropic says it has implemented stronger mitigations to prevent misuse and will remove the steganography system in its July 1 release



