Hasty Briefs (beta)

Claude Code is steganographically marking requests

2 days ago
  • #developer tools
  • #stealth monitoring
  • #privacy
  • The Claude Code binary includes a function that modifies the date string in the system prompt based on conditions like timezone and API base URL hostname.
  • Changes involve invisible Unicode alterations to apostrophes and date separators, used as markers to classify proxy, reseller, or AI lab domains.
  • Domain and keyword lists are stored base64-encoded and XOR-obfuscated, and are decoded at runtime; they target Chinese corporate domains, AI companies, and proxy gateways.
  • The feature triggers when ANTHROPIC_BASE_URL is set and hostnames match decoded lists, embedding classification data into prompts for backend parsing.
  • Anthropic likely aims to detect API resellers, unauthorized gateways, and model distillation attacks, but the stealthy implementation raises privacy concerns.
  • For normal users with official API endpoints or unset ANTHROPIC_BASE_URL, the function remains inactive, but it affects custom setups like internal gateways or proxies.
  • The bypass is trivial (e.g., changing the hostname or patching the binary), making it less effective against adversaries but potentially impacting legitimate developer workflows.
  • Criticism focuses on the lack of transparency; explicit telemetry or documentation would better align with trust expectations for developer tools with high access privileges.
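
An operator of an internal gateway can check what a client actually sends by scanning captured prompt text for non-ASCII characters that imitate apostrophes, date separators, or spaces. The following is an added example, not code from Claude Code or from the summarized article. The function names and the sample prompt are constructed, and the code points in the sample are illustrative assumptions, since the summary does not say which characters are used.

```python
import unicodedata

# Categories whose members pass for ASCII punctuation or render as nothing.
CATEGORY_LOOKALIKE = {
    "Pd": "-",   # dash punctuation (hyphen and dash variants)
    "Zs": " ",   # space separators (no-break space, thin space, ...)
    "Cf": "",    # format characters (zero-width space/joiner, ...)
}
# Quote- and slash-like characters that the categories above do not cover.
EXPLICIT_LOOKALIKE = {
    "\u2018": "'", "\u2019": "'", "\u02bc": "'", "\u2032": "'", "\uff07": "'",
    "\u2044": "/", "\u2215": "/", "\uff0f": "/",
}


def find_lookalikes(text):
    """Return one finding per non-ASCII character that imitates ASCII punctuation."""
    findings = []
    for index, ch in enumerate(text):
        if ord(ch) < 128:
            continue
        resembles = EXPLICIT_LOOKALIKE.get(ch)
        if resembles is None:
            resembles = CATEGORY_LOOKALIKE.get(unicodedata.category(ch))
        if resembles is None:
            continue  # ordinary non-ASCII text (accents, CJK, ...) is not flagged
        findings.append({
            "index": index,
            "codepoint": f"U+{ord(ch):04X}",
            "name": unicodedata.name(ch, "<unnamed>"),
            "resembles": resembles,
        })
    return findings


def audit_prompt(prompt):
    """Audit each line of a captured prompt; return {line_number: findings}."""
    lines = enumerate(prompt.splitlines(), start=1)
    report = {n: find_lookalikes(line) for n, line in lines}
    return {n: hits for n, hits in report.items() if hits}


# Constructed sample (assumed code points): line 2 uses U+2019 and U+2010
# in place of the ASCII apostrophe and hyphen-minus on line 1.
SAMPLE = "Today's date is 2025-01-15.\nToday\u2019s date is 2025\u201001-15.\nCafé menu"

if __name__ == "__main__":
    print(audit_prompt(SAMPLE))
```

Reporting the code point and Unicode name, rather than only a yes/no flag, lets the finding be compared across captures taken with different base URL settings.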