Secret Tracking Code in Claude Code Sparks Privacy Controversy at Anthropic
Key Takeaways
- ▸Hidden tracking code using 'prompt steganography' was embedded in Claude Code to monitor for unauthorized access and prevent model distillation attacks
- ▸The tracking code collected user data including time zones, proxy usage, and potential connections to Chinese AI companies without explicit consent
- ▸Anthropic only removed the code after public disclosure despite claims it was already scheduled for deletion
Summary
Security researchers discovered a hidden tracking mechanism embedded in Anthropic's Claude Code, an AI-powered development tool. The code, which used prompt steganography techniques to hide tracking markers, was designed to monitor for unauthorized account abuse and prevent model distillation attacks by Chinese AI laboratories. The tracker logged user time zones, proxy usage, and connections to Chinese AI companies without explicit user disclosure.
Web developer Thereallo uncovered the hidden tracking and called it a "serious breach of user trust." Anthropic engineer Thariq Shihipar subsequently admitted on X that the code was added as an "experiment" in March and stated the company had plans to remove it once stronger security protections were implemented. However, Anthropic deleted the code only after the discovery became public.
The incident sparked significant backlash from privacy advocates who criticized Anthropic's covert approach, particularly given the company's previous public statements opposing hidden monitoring practices. The fallout extended beyond public criticism—Alibaba immediately banned its employees from using Claude Code for work, citing risks of "backdoors" and regulatory concerns. The controversy highlights the tension between protecting proprietary AI models and maintaining user trust through transparency.
- The incident triggered real-world consequences, with Alibaba banning Claude Code for employees due to security and compliance concerns
- The controversy exposes a conflict between model protection efforts and user privacy expectations for developer tools



