PulseAugur

Claude Code uses hidden prompt markers to track API usage

A security researcher discovered that Claude Code, a coding assistant tool, uses a technique called prompt steganography to embed hidden data within user requests. The method subtly alters characters in the date string within the system prompt, which is typically sent to the AI model. The alterations are designed to be nearly invisible to users and the AI, but they can be decoded to identify specific conditions, such as the user's timezone or whether the request is being routed through custom API gateways or reseller domains. While Anthropic likely implemented this to detect unauthorized usage or potential model distillation attacks, the researcher argues that this hidden data embedding erodes trust in the tool, especially given the sensitive access coding agents often require.

IMPACT Raises trust concerns for AI developer tools that require sensitive access.

RANK_REASON Discovery of a hidden data-embedding technique in a developer tool.


AI-generated summary · Google Gemini · from 3 sources.


COVERAGE [3]

  1. HN — claude cli stories TIER_1 English(EN) · kirushik ·

    Claude Code Is Steganographically Marking Requests

  2. Mastodon — fosstodon.org TIER_1 日本語(JA) · [email protected] ·

    About Claude Code embedding watermarks, using steganography, in the requests it sends. I understand the intention of preventing misuse. However, adding identifying information without prior notice is a problem that bears on trust in it as a development tool. Precisely because this is an era in which LLM agents routinely write code, I think tool transparency should be given more weight. # Claude # AI # Programming # Privacy # LLM

  3. Mastodon — mastodon.social TIER_1 English(EN) · [email protected] ·

    Claude Code Is Steganographically Marking Requests https://thereallo.dev/blog/claude-code-prompt-steganography # HackerNews # Tech # AI
