When web developer “Thereallo” began investigating privacy in Claude Code last week, they didn’t expect to find a hidden surveillance system. What they uncovered — code deliberately concealed using “prompt steganography” to monitor Chinese users — has shocked the AI community and exposed a glaring contradiction in Anthropic’s public stance against surveillance.
How the hidden tracker worked — and why it matters
The tracker wasn’t malicious in the traditional sense. It didn’t steal passwords or financial data. Instead, it used shorthand markers embedded in plain sight to quietly flag user timezone, proxy information, and potential connections to Chinese AI labs that Anthropic has previously accused of distillation attacks. The technique, known as prompt steganography, hides data within normal-looking prompts, making it nearly invisible to average users.
Why this contradicts Anthropic’s anti-surveillance stance
Anthropic has long positioned itself as a champion of ethical AI, often criticizing surveillance practices by other tech giants. The company’s own policies emphasize user privacy and transparency. Yet this tracker — secretly monitoring users in China — directly undermines that narrative. For users who trusted Anthropic’s promises, the discovery feels like a betrayal.
Timeline of the exposure
Last week, “Thereallo” posted findings on X, detailing the hidden code. Within hours, Anthropic engineer Thariq Shihipar confirmed the tracker’s existence, stating it was added to Claude Code for security purposes. The company quickly removed it after the public outcry. However, the speed of removal didn’t erase the damage to trust.
Who is affected — and why it matters to real people
Chinese users of Claude Code were the primary targets, but the implications extend globally. If Anthropic can secretly track users in one region, what stops it from doing so elsewhere? Developers, researchers, and businesses relying on Claude Code for sensitive work now question whether their data is truly private. The incident also raises concerns for users in countries with weaker privacy protections.
Anthropic’s response — and what it reveals
Thariq Shihipar’s confirmation on X was brief: the tracker existed, it was removed, and it was intended to detect potential security threats from Chinese AI labs. But critics argue that the lack of transparency — no prior disclosure, no user consent — is the real issue. Anthropic has not yet issued a formal statement addressing the broader privacy implications.
Why prompt steganography is a dangerous precedent
Prompt steganography is a sophisticated technique that hides data within AI prompts, making it difficult for users to detect. While it can be used for legitimate security purposes, its secretive nature undermines user trust. Security experts warn that if AI firms normalize such hidden tracking, it could set a dangerous precedent for the entire industry.
Confirmed facts vs what remains unclear
Confirmed: The tracker was embedded in Claude Code, used prompt steganography, and monitored Chinese users. Anthropic confirmed its existence and removed it. Unclear: Whether the tracker collected data beyond timezone and proxy information. Whether other regions were also targeted. Whether Anthropic will face any regulatory action. All speculation about broader surveillance remains unverified.
Anthropic’s moat — why this company matters
Anthropic is a leading AI safety company, known for its Claude models and commitment to ethical AI. Its moat lies in its safety-first approach, strong research team, and partnerships with major tech firms. However, this incident threatens that reputation. Trust is a fragile asset, and once broken, it’s hard to rebuild.
Risks and balanced view
Supporters argue that the tracker was a defensive measure against Chinese AI labs accused of distillation attacks — a real security concern. Critics counter that secret surveillance, even for security, violates user trust and ethical principles. The incident highlights the tension between security and privacy in AI development. Anthropic must now navigate this balance carefully.
Wider trend: AI firms and the surveillance dilemma
This isn’t an isolated incident. AI companies increasingly face pressure to protect their models from theft and misuse. But secret tracking risks alienating users and inviting regulatory scrutiny. The industry is at a crossroads: how to balance security with transparency. Anthropic’s misstep could influence how other firms approach similar challenges.
What users should do now
If you use Claude Code, review your privacy settings and monitor any unusual activity. Consider using VPNs or privacy tools if you’re concerned about tracking. Stay informed about Anthropic’s future disclosures. For developers, demand clearer transparency policies from AI providers before integrating their tools.
Future outlook
Anthropic will likely face increased scrutiny from regulators and privacy advocates. The company may need to implement stricter transparency protocols and independent audits. The incident could also spur industry-wide discussions on ethical surveillance practices. However, rebuilding user trust will take time — and consistent action.
Our Take
The Claude Code tracker incident is more than a technical glitch — it’s a test of Anthropic’s ethical commitments. The company’s swift removal of the tracker is commendable, but the secrecy surrounding its deployment raises fundamental questions. In an era where AI trust is already fragile, such breaches can have lasting consequences. Anthropic must now prove that its anti-surveillance stance is more than just marketing.
Frequently Asked Questions
What was the secret Claude Code tracker?
It was hidden code using prompt steganography that monitored Chinese users’ timezone, proxy, and potential connections to Chinese AI labs without user consent.
Why did Anthropic add the tracker?
Anthropic said it was for security purposes, specifically to detect potential threats from Chinese AI labs accused of distillation attacks.
Is the tracker still active?
No. Anthropic removed it quickly after the security researcher exposed it.
Should I be worried about my privacy?
If you use Claude Code, especially in China, your data may have been tracked. Review your privacy settings and stay updated on Anthropic’s disclosures.