{"slug": "secret-tracker-in-claude-code-uncovered-anthropic-directly-deletes-code", "title": "Secret Tracker in Claude Code Uncovered, Anthropic Directly Deletes Code", "summary": "Security researchers uncovered a hidden tracking code in Anthropic's Claude Code AI tool that monitored users in China, prompting Anthropic to delete the code after public outcry. Anthropic engineer Thariq Shihipar confirmed the tracker was an experiment to prevent unauthorized account abuse and distillation attacks, but privacy advocates condemned the stealthy surveillance as a breach of trust. The incident led Alibaba to ban its employees from using Claude Code, citing backdoor risks.", "body_md": "JAKARTA - Anthropic is facing the spotlight after a hidden tracking code in the Claude Code was dismantled by security researchers. The code is said to monitor users in China and is immediately deleted after the findings became a public concern.\n\nQuoted from Ars Technica, Tuesday, July 7, the code was discovered by a web developer known as Thereallo while researching privacy issues in Claude Code. He called the tracking similar to spyware and a \"serious breach of user trust\".\n\nClaude Code is an AI-based tool from Anthropic that helps developers write, read, and improve code. Because it works closely with files and commands on the user's computer, tracking silently in this kind of tool becomes a sensitive issue.\n\nAccording to Thereallo, Anthropic uses the \"prompt steganography\" technique to hide markers in the system. Simply put, steganography is a way of inserting a hidden message or signal in a seemingly ordinary place.\n\nThe code is not said to be dangerous. However, it sends information to Anthropic without the user easily realizing it. The information includes time zones, proxy usage, and the possibility of a user's relationship with the Chinese AI laboratory that Anthropic is accused of carrying out a distillation attack.\n\nAt X, Anthropic engineer Thariq Shihipar admitted that the tracker was added to Claude Code as an \"experiment\" in March. He said the code was created to prevent unauthorized account abuse by unofficial resellers and protect Anthropic from distillation.\n\nDistillation in AI is the process of using the output of one model to train or accelerate the development of another model. The practice is not automatically illegal, but it can violate the terms of service if it is done by having a model like Claude respond millions of times to mimic its capabilities.\n\nShihipar said Anthropic actually intended to delete the code because the technical team had implemented stronger protection.\n\nHowever, the explanation did not ease the criticism. Privacy advocates judged Anthropic to have crossed the line by choosing a hidden way to monitor users. The spotlight is getting sharper because Anthropic previously refused the use of Claude by the US government to monitor users in the United States.\n\nArs Technica wrote, this incident came as US AI companies were increasingly aggressive in slowing down Chinese companies that were suspected of imitating their models. The Washington Post reported that Chinese companies in the past year have been able to match the capabilities of US models in just a few months.\n\nAnthropic also encourages that distillation attacks be treated as intellectual property theft. The company joined OpenAI in urging the US government to take stricter legal and export policy measures.\n\nThe impact of this finding was immediately felt in China. The South China Morning Post reported that Alibaba banned its employees from using Claude Code for work. In an internal memo reviewed by SCMP, Claude Code was said to carry the risk of \"backdoors\" and was included in the list of high-risk software.\n\nAlibaba has not commented on Anthropic's allegations regarding distillation. However, Reuters reported that the company risks facing legal and compliance issues if it is found to have violated Anthropic's provisions.\n\nAnthropic is now in a difficult position. The company wants to protect its AI model from imitation. However, the stealthy way opens up a new problem, namely user trust.\n\nThereallo menilai Anthropic sebenarnya bisa memilih cara lebih terbuka. Jika ingin mendeteksi jalur akses tidak resmi ke Claude atau penyalahgunaan akun, perusahaan dapat membuat penjelasan resmi, dokumentasi, atau catatan rilis.\n\n\"This is not a dangerous feature, but it's a strange choice for a developer tool that asks for trust,\" Thereallo wrote on his blog.\n\nHe also reminded that AI-based coding tools are already in sensitive areas. Such tools can check codes, run commands, install packages, edit files, and even push commits on the user's computer.\n\n\"Hiding the signal in the prompt system makes any other privacy claim more difficult to believe,\" said Thereallo.\n\nArs Technica wrote that Anthropic did not immediately respond to his request for comment. However, to The Washington Post, an Anthropic spokesperson said the distillation attack by the Chinese laboratory was a serious threat to national security and undermined AI security standards in the industry.\n\n*The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language.\n(system supported by DigitalSiber.id)*\n\n[\nAdd VOI as a Preferred Source\nFollow VOI news updates across Google.\n+\n](https://www.google.com/preferences/source?q=https://voi.id)\n\n### Most Popular Tags\n\n[#Prabowo Subianto](https://voi.id/en/tag/15/prabowo-subianto)\n\n[#donald trump](https://voi.id/en/tag/29/donald-trump)\n\n[#2026 World Cup](https://voi.id/en/tag/9889/piala-dunia-2026)\n\n[#venezuela](https://voi.id/en/tag/12084/venezuela)\n\n[#konflik timur tengah](https://voi.id/en/tag/18400/konflik-timur-tengah)", "url": "https://wpnews.pro/news/secret-tracker-in-claude-code-uncovered-anthropic-directly-deletes-code", "canonical_source": "https://voi.id/en/technology/583552", "published_at": "2026-07-07 15:21:23+00:00", "updated_at": "2026-07-07 15:30:26.809761+00:00", "lang": "en", "topics": ["ai-safety", "ai-ethics", "ai-policy", "ai-tools", "ai-research"], "entities": ["Anthropic", "Claude Code", "Thereallo", "Thariq Shihipar", "Alibaba", "Ars Technica", "South China Morning Post", "Reuters"], "alternates": {"html": "https://wpnews.pro/news/secret-tracker-in-claude-code-uncovered-anthropic-directly-deletes-code", "markdown": "https://wpnews.pro/news/secret-tracker-in-claude-code-uncovered-anthropic-directly-deletes-code.md", "text": "https://wpnews.pro/news/secret-tracker-in-claude-code-uncovered-anthropic-directly-deletes-code.txt", "jsonld": "https://wpnews.pro/news/secret-tracker-in-claude-code-uncovered-anthropic-directly-deletes-code.jsonld"}}