wow 👀
Rohan Paul Twitter · Rohan Paul (@rohanpaul_ai) · 2026-06-30
Allegations have emerged that Anthropic's Claude Code secretly embeds invisible prompt markers to fingerprint requests routed through China-linked proxy servers, raising trust and auditability concerns about hidden metadata in an AI coding agent with broad system access.
Extraction
Topics: claude-codeai-privacyanthropicai-agentsprompt-injection
Claims
- Claude Code allegedly detects when ANTHROPIC_BASE_URL is set to a China-linked custom hostname and marks the request.
- The alleged fingerprinting mechanism uses invisible punctuation and date formatting injected into the prompt text.
- Users cannot review or refuse the hidden markers because they are not disclosed in Claude Code's interface.
- Claude Code's file, code, and command permissions make hidden signal injection more serious than tracking on a passive website.
- If true, this mechanism could set a precedent that makes AI agents broadly harder to audit.
Key quotes
Abuse detection is understandable because Anthropic says proxy services are used to bypass China access limits. But secret prompt marking still crosses a trust line because users cannot review or refuse it.
Claude Code is not a normal chatbot because it can read files, edit code, and run commands. A hidden signal inside that kind of tool feels far more serious than tracking inside a website.
Once invisible characters carry metadata, users will distrust even harmless-looking text.