Key facts
- Anthropic removed hidden tracking markers from Claude Code after researchers raised privacy concerns.
- The markers could identify user location, proxy use, and potential links to Chinese AI labs.
- Anthropic stated the experiment was intended to prevent account abuse and detect AI model distillation.
- The discovery occurred as Anthropic advocates for stronger protections against AI model extraction.
Anthropic has removed undisclosed tracking markers from its Claude Code AI assistant following concerns raised by researchers about user privacy. The feature, discovered in June by developer "Thereallo," embedded signals in system prompts that could identify users' locations, proxy usage, and potential connections to Chinese AI labs.
Thereallo suggested the markers were likely intended to detect API resellers, unauthorized gateways, and attempts at AI model distillation. While acknowledging the potential utility of such detection, the developer criticized the lack of transparency, noting the use of Unicode markers and encoded domain lists within system prompts instead of clear documentation.
In response, Anthropic engineer Thariq Shihipar stated on X that the feature was an experimental measure introduced in March to combat account abuse and protect against distillation attacks. He indicated that stronger mitigations had since been implemented and the tracking system was slated for removal.
The incident occurs as Anthropic intensifies its warnings about AI model distillation, a practice where one AI model's capabilities are used to train another. This practice raises national security concerns when it involves foreign entities. Earlier this month, Alibaba reportedly banned employees from using Claude Code due to security risks. Anthropic has previously accused Chinese AI developers of using fraudulent accounts to extract Claude responses for training competing models, a practice that has drawn debate across the industry.
