July 08, 2026 ChainGPT

Anthropic Removes Hidden Claude Code Tracker After Researcher Flags Risks to Crypto Devs

Anthropic Removes Hidden Claude Code Tracker After Researcher Flags Risks to Crypto Devs
Anthropic removes hidden Claude Code tracker after researcher flags privacy concerns Anthropic has quietly pulled a hidden tracking mechanism from Claude Code after a security researcher discovered the AI coding assistant was secretly embedding markers to flag certain users’ location, proxy use and possible ties to Chinese AI labs. The discovery sparked criticism from developers and privacy advocates about undisclosed telemetry in a tool aimed at trusted engineers. The feature was uncovered in June by developer “Thereallo,” who found encoded signals tucked into Claude Code’s system prompts. Those markers could be used to identify users Anthropic believed were bypassing restrictions, reselling access, or trying to extract the model’s capabilities for reproduction. Thereallo pointed out practical signals embedded by the company — for example, a custom ANTHROPIC_BASE_URL pointed at a known reseller domain, or hostnames containing strings like “deepseek” or “zhipu” — and called the approach “a weird choice for a developer tool that asks for trust.” He qualified that it wasn’t inherently malicious but criticized the lack of disclosure and the use of Unicode markers and encoded domain lists to hide the behavior. Anthropic engineer Thariq Shihipar confirmed on X that the code was introduced in March as an “experiment” intended to curb account abuse from unauthorized resellers and to protect Claude from so-called model “distillation” attacks — where outputs are scraped to train competing models. Shihipar said the team has already implemented stronger mitigations and planned to remove the experimental tracker, with a pull request merged to roll it back in an imminent release. The episode lands amid growing friction in AI over distillation and data extraction — issues that overlap with national-security and commercial concerns. Anthropic has repeatedly warned against large-scale extraction of model outputs. In February it accused Chinese developers DeepSeek, Moonshot AI and MiniMax of using fake accounts to pull millions of Claude responses for model training, a claim that drew pushback from observers noting distillation is a common industry practice. In April, Elon Musk said xAI used OpenAI models “partly” while training Grok, underscoring how widespread the technique is. And in June Anthropic CEO Dario Amodei urged Congress to bolster protections after alleging Alibaba-linked operators generated roughly 28.8 million Claude exchanges using nearly 25,000 fraudulent accounts. Alibaba earlier this month told staff to avoid Claude Code, labeling it “high-risk” software. For crypto projects and developer communities that increasingly rely on AI coding assistants, the incident is a reminder to vet tools for hidden telemetry and unclear data practices. Undisclosed tracking can raise privacy, supply-chain and IP risks — particularly for teams using proxies, private infrastructure or collaborating across jurisdictions. Anthropic did not immediately respond to a request for comment from Decrypt. The company says the tracker will be removed in the next release following the internal rollback. Read more AI-generated news on: undefined/news