In brief
- Anthropic removed hidden tracking markers from Claude Code after a security researcher identified undisclosed systems targeting user locations, proxy usage, and potential connections to Chinese AI laboratories.
- The company explained the experiment aimed to prevent account misuse and detect AI model distillation attempts, practices deemed critical to safeguarding proprietary model capabilities.
- This development emerges amid Anthropic’s advocacy for stricter regulations against unauthorized extraction of advanced AI models.
Anthropic has discontinued a covert tracking mechanism in its Claude Code AI assistant after a security researcher uncovered hidden identifiers within system prompts designed to flag user locations, proxy configurations, and suspected affiliations with Chinese AI organizations.
Developer “Thereallo” identified the markers in June, revealing that the system encoded domain lists and utilized Unicode signals to detect users circumventing restrictions or attempting to replicate model functionalities. Specific indicators included domains linked to resellers and hostnames referencing entities like DeepSeek or Zhipu.
While acknowledging the rationale behind Anthropic’s measures to curb unauthorized API reselling and model distillation—processes that pose significant risks to AI intellectual property—there was criticism over the lack of transparency. The researcher emphasized that embedding tracking signals in system prompts without clear disclosure undermined trust in a tool marketed for developer use.
Following public disclosure, Anthropic engineer Thariq Shihipar confirmed the tracking system was introduced in March as an experimental measure. He noted that enhanced countermeasures had since been implemented and the feature was slated for removal in the upcoming release cycle.
The incident aligns with broader concerns over AI model distillation, a practice where outputs from one system are repurposed to train competitors—an issue that intersects with national security debates. In February, Anthropic alleged that Chinese firms DeepSeek, Moonshot AI, and MiniMax used fraudulent accounts to harvest Claude interactions for training, claims that sparked industry-wide controversy.
Earlier this year, Alibaba barred employees from using Claude Code, classifying it as high-risk software. Additionally, Anthropic CEO Dario Amodei pressed Congress to address foreign AI extraction tactics, citing allegations of 28.8 million Claude exchanges generated via 25,000 fraudulent accounts tied to Alibaba-linked entities.
Anthropic has not provided comment to Decrypt upon request.
Source link