Anthropic is removing its covert code for catching Chinese competitors
Jump to main content
Search
REG AD
ai and ml
Anthropic is removing its covert code for catching Chinese competitors
Oh, yeah, we've been meaning to disable our secret steganography system
Thomas Claburn
Thomas<br>Claburn
Senior reporter
Published<br>wed 1 Jul 2026 // 21:56 UTC
Anthropic says that it plans to remove hidden codes it added to Claude Code several months ago to catch other AI companies that are trying to steal from its models.<br>Thariq Shihipar, an engineer at Anthropic who works on the Claude Code team, said on Tuesday that a fix should appear on July 1.<br>"This is an experiment we launched in March that was meant to prevent account abuse from unauthorized resellers and protect against distillation," Shihipar explained, using the industry term for copying AI models through repeated queries. "The team has landed stronger mitigations since then and we’ve actually been meaning to take this down for a while."
REG AD
He said that the pull request to remove the code has been merged and should appear in Wednesday's Claude Code release.
REG AD
The experiment, as described by a developer who goes by the name Thereallo, consisted of applying steganography – hiding secret data in plain sight – to the Claude Code system context that gets passed to Anthropic's servers.<br>The relevant code checks Claude Code's base URL environment variable, used to route API requests to a proxy or gateway. If the base URL has been overridden, the code goes on to check the system timezone and whether the hostname matches any entry in a list of known Chinese AI labs, other AI companies, account resellers, and gateway domains.<br>Thereallo said that while it makes sense that Anthropic might try to detect a hostname associated with a Chinese AI rival or a reseller, the implementation should not have been concealed.<br>"[Claude Code] silently alters the system prompt using invisible-ish Unicode markers," Thereallo wrote. "It encodes proxy / gateway classification into a sentence that looks like plain English. It hides the domain list behind XOR and base64. This is not a malicious feature, but it is a weird choice for a developer tool that asks for trust."<br>Asked whether Anthropic disclosed its covert usage tracking mechanism in any of its terms of service documents, a company spokesperson pointed to Shihipar's remarks, which did not address that question.<br>Nor did Anthropic's spokesperson immediately respond to a request to specify what "stronger mitigations" have been implemented to prevent unauthorized resellers and distillation.
MORE CONTEXT
An artificial cell with a full lifecycle has been created for the first time
AI search could kill the web without new quality signals and revenue models
Red teamers turned Claude Desktop into a double agent to do their evil bidding
NASA unsure Boeing Starliner will ever be certified for human flight
In February, shortly before the implementation of the steganographic codes, the AI biz said that it was investing in defenses against distillation. These included detection via classifiers and behavioral fingerprinting systems, intelligence sharing with other AI labs, access controls, and countermeasures that make it harder to use model output to reproduce the model.<br>One such defense came to light when the company's Claude Code source leaked. The coding agent includes a Typescript file with a flag called ANTI_DISTILLATION_CC. The flag, when set, injects fake tool data into API requests in an attempt to make that data toxic for model training.
REG AD
Even with its technical defenses against competition, Anthropic urged the AI industry, cloud providers, and government to respond to the threat of model distillation. A recent White House Executive Order that articulates the intent to protect US AI from foreign adversaries shows that the feds have some interest in answering that call. ®
ai and ml<br>ai<br>claude code<br>distillation<br>anthropic
REG AD
AI + ML
AI customers are coming around to the idea that small is beautiful
OpenAI and Anthropic have built AI Swiss Army Knives, but the future may be smaller built-for-purpose tools
ON-PREM
Irish datacenters now guzzle 23% of the country's electricity
Consumption rose another 10% while restrictions on most new grid connections remained around Dublin
Canonical Managed Kubeflow lands on Azure
PARTNER CONTENT: Why platform teams are swapping DIY Kubeflow for Canonical's managed service
personal tech
Slothful summer app lets you scroll simply by tilting your head
ScrollPods is Mac-only, and you'll need compatible AirPods
BOFH
BOFH: Cross-department AI pitches are easier to swallow with a pint in hand
Some ideas need workshopping, others need a warning light
security
Destructive Windows backdoor stuffs multiple wipers and ransomware code into a single package
Microsoft says GigaWiper combines at least 3 malware families into one modular tool
MOST POPULAR
ai and ml
Even...