Anthropic spent roughly three months quietly tracking users it suspected of connecting from China through its Claude Code developer tool. The company didn’t mention this in any release notes, didn’t disclose it in any privacy policy update, and didn’t tell a single user it was happening.
Then a security researcher found it, posted about it publicly on June 30, and Anthropic ripped the whole thing out within a day. The AI company released version 2.1.197 on July 1, scrubbing the tracking mechanism that had been lurking since at least version 2.1.91, shipped back on April 2.
What the tracking code actually did
A web developer operating under the handle Thereallo discovered that Anthropic had been using a technique called “prompt steganography” to hide monitoring code inside Claude Code. In English: the company embedded invisible shorthand markers within the tool’s prompts that could identify users without them ever knowing.
The markers specifically flagged users based on time zone settings, particularly Asia/Shanghai and Asia/Urumqi. They also tracked proxy connections to Chinese domains and looked for patterns suggesting ties to Chinese AI labs.












