What happened
Anthropic's Claude Code, version 2.1.196, embeds steganographic markers within system prompts, altering date string punctuation based on the ANTHROPIC_BASE_URL, system timezone (Asia/Shanghai or Asia/Urumqi), and specific hostname keywords. These visually imperceptible Unicode changes, derived from XOR-decoded base64 lists of domains and AI lab keywords, are likely intended to identify API resellers, unauthorised gateways, or model distillation attempts. The signed binary contains this hidden logic, which activates when users route Claude Code through custom base URLs.
Why it matters
This covert data transmission erodes trust for developers relying on tools with extensive system access. For security architects and platform engineers, the use of hidden steganography instead of explicit telemetry for detecting API abuse introduces an opaque mechanism for data collection. This lack of transparency forces increased scrutiny on developer tools, particularly those operating within sensitive local environments, following previous concerns about undocumented features in Claude Code.
