Anthropic removed a hidden tracker that secretly monitored Chinese Claude Code users after a security researcher exposed the code, which sent user data to the company. The tracker, which used 'prompt steganography' to hide its presence, was discovered by a web developer known as 'Thereallo' while researching privacy issues in Claude Code. The code was designed to flag users' timezone, proxy, and potential connection to Chinese AI labs, according to the developer. The tracker was added to Claude Code in March as an 'experiment' by Anthropic engineer Thariq Shihipar, who said it was meant to prevent account abuse from unauthorized resellers and protect against distillation attacks.

The tracker sent information about users' location and potential ties to Chinese AI labs to Anthropic, which the company said was meant to prevent unauthorized use of its models. The Washington Post reported that unauthorized retailers have sold access to free models for $1 a month and pro subscriptions for as little as $12. Shihipar said the company has 'actually been meaning to take this down for a while,' as engineers have 'landed stronger mitigations since then.' However, privacy advocates criticized the explanation, warning that the code is evidence that Anthropic is willing to cross lines to surveil users.

Anthropic has argued that Chinese AI firms are distilling its models to gain a technological edge. The Post reported that Chinese firms have 'consistently matched' US firms' model capabilities within months. Recently, a new free AI model from Zhipu AI was found to be better at finding computer vulnerabilities than Anth, which was released in May. Anthropic has joined OpenAI in urging the US to view distillation attacks as intellectual property theft. At a recent Senate hearing, Sen. Tim Scott (R-S.C.) agreed legal intervention is needed to stop China from using such attacks to 'gain a technological edge.'

Source: arstechnica