Claude Code Is Steganographically Marking Requests

Claude Code Is Steganographically Marking Requests(thereallo.dev)

631 points by kirushik 2 hours ago | 194 comments

meowface 1 hour ago |

Value judgment aside: I am a bit surprised at how sloppily they did this. I think they could've achieved the same effect while decreasing the odds of detection via reverse engineering.

(This field is known as "underhanded code", coined by the Underhanded C contest: https://www.underhanded-c.org. It's a little-known "art"; little-known for probably self-explanatory reasons. There are much cleverer ways of achieving objectives like this. One obviously being you can move more out of the client and into the server, but the other being you can write plausibly deniable client code in a much more benign-seeming way than this. Some of what they added can only be done on the client, but I think some could've been moved, and the client-required parts could've been done more subtly and credibly.)

It's possible they knew the JS bundle gets so heavily scrutinized that it'd eventually get spotted and reported on regardless so they didn't bother doing something more subtle and duplicitous. But still seems slightly lazy.

superfrank 50 minutes ago | |

It's also possible that there are more in-depth detection methods and that this was just a cheap and easy first step that hasn't been removed because it catches a lot of less sophisticated bad actors.

It's unlikely that this will stop a big AI lab from distilling their model if they're really determined, but A) it may be enough to stop a bunch of fly-by-night token resellers looking to make a quick buck and B) you never know when one person at one of those big labs will mess up and forget to install whatever workaround they have and out themselves.

I think of it like if you have a problem with birds in your yard so you go buy one of those plastic owls. The owl scares away most of the birds, but not all of them, so you go and buy some ultrasonic noise thing to scare them away (I'm just making something up). Just because you bought the new ultrasonic thing though, that doesn't mean you're going to take the owl down. You leave it up because now you've got two layers of defense instead of one.

overgard 38 minutes ago | |

Well considering how Claude is vibe coded, I can't say I'm really surprised by sloppiness at all. I've been moving more towards Codex and OpenCode not because the the anthropic models are bad, but because Claude seems to break something new and annoying every day.

meowface 18 minutes ago | | |

I would guess this part - since it's so sensitive, and fairly small - was either written or heavily driven by humans. Though I do also think it's possible their internal Mythos ~5.5 or whatever may also not necessarily be heavily optimized for thinking in the right manner for highly effective underhanded code. (I think it's possible it is capable and they just didn't use it for this, for whatever reason, though.)

arikrahman 13 minutes ago | | |

Likewise, Reasonix harness for Deepseek gets me better performance for practically free, hitting the cache. And this is with an unsubsidized American provider.

mcmcmc 27 minutes ago | | |

Watch out for the press release where Dario denies this was ever intentional, and it’s actually emergent behavior demonstrating that Claude wants to claim authorship of its works

radicalbyte 1 hour ago | |

Claude Code are slopmaxxxing and you're considering their "judgement"? :-)

m-hodges 1 hour ago | |

They also could have been much more interesting in the approach. LLMs can use their token distributions to generate stegotext that read like plausible prose but decode to payloads.¹

¹ https://github.com/hodgesmr/calgacus-mlx

ajyoon 1 hour ago | | |

Sure, but the point here is to add a fingerprint from the client.

hn_throwaway_99 1 hour ago | |

At first I was agreeing with you, that this seemed like a sloppy way to implement this that was sure to be pretty quickly detected, but there is another possibility.

Anthropic could have implemented this not as a durable detection system against proxying resellers, but instead as a point-in-time sampling system to detect where (and with what context) proxying reselling is currently happening. Sure, it would be detected eventually, but in the meantime Anthropic could gain useful snapshot data.

meowface 17 minutes ago | | |

I see your point, but in any case the more data / the less detectable, the better. But, yes, regardless of the exact motivation, I do think it's fairly plausible that they knew this would likely get detected fairly quickly no matter what and made a deliberate decision to not try to make it a super subtle, super clever insertion.

thefourthchime 10 minutes ago | |

It's just the first layer and there are multiple layers underneath this that we don't know about.

As a side note, I have a pet theory that one of the reasons that OpenAI and Anthropic are okay with the latest models not being released is to prevent distillation.

I think they want to wait a couple months and see if the Chinese models continue to keep catching up or if their gains are really just because they're distilling the frontier models.

Philip-J-Fry 29 minutes ago | |

Dunno, it seems like the exact kind of thing Claude would think up if you asked it to subtly alter the system prompt to hide this info.

It's all a losing battle anyway.

avree 29 minutes ago | |

I've seen Eve Online corporations that do a better job of steganographic marking than this.

jorblumesea 18 minutes ago | |

well if you ask claude how to implement something, you may not always get the optimal solution. this feels like something claude would spit back at you given a basic prompt

crossroadsguy 59 minutes ago | |

I finally bought Claude Pro (I am not coding etc these days so I just wanted to try it). The Claude desktop app is downright pathetic. I mean they could write a better one just with their own LLMs. What's stopping them?

ncruces 46 minutes ago | | |

That's … exactly what they're doing. This is the outcome.

lumost 48 minutes ago | |

so all we need is someone to leak a sufficiently large amount of claude generations onto the open and private web for all other LLMs to mimic the same marking style?

wouldn't this happen due to the massive amounts of spam/slop being released?

skywhopper 1 hour ago | |

Have you looked into anything about Claude Code, how it’s configured, how it interacts with your system, etc? Because “sloppy” is a defining characteristic.

skeptic_ai 1 hour ago | |

It’s even more funny how this blew in their faces. They even advertised pretty much all providers on hackernews home page. Here is in case you missed in the article

‘’’ cn baidu.com alibaba-inc.com alipay.com antgroup-inc.cn bytedance.net kuaishou.com xiaohongshu.com jd.com bilibili.co iflytek.com stepfun-inc.com moonshot.ai anyrouter.top claude-code-hub.app claude-opus.top openclaude.me proxyai.com yunwu.ai zenmux.ai

‘’’

You can view the full list here: https://cdn.thereallo.dev/blog/assets/cc-domains.js

const knownDomains = [ "cn", "sankuai.com", "netease.com", "163.com", "baidu-int.com", "baidu.com", "alibaba-inc.com", "alipay.com", "antgroup-inc.cn", "kuaishou.com", "bytedance.net", "xiaohongshu.com", "ctripcorp.com", "jd.com", "jdcloud.com", "bilibili.co", "iflytek.com", "stepfun-inc.com", "aliyuncs.com", "cn-shanghai.fcapp.run", "cn-beijing.fcapp.run", "xaminim.com", "moonshot.ai", "anyrouter.top", "packyapi.com", "aicodemirror.com", "aigocode.com", "hongshan.com", "iwhalecloud.com", "dhcoder.net", "lemongpt.top", "zhihuiapi.top", "intsig.net", "high-five-ai.xyz", "cloudsway.net", "4sapi.com", "529961.com", "88996.cloud", "88code.ai", "88code.org", "91code.pro", "992236.xyz", "ai.codeqaq.com", "ai.hybgzs.com", "ai.kjvhh.com", "aicanapi.com", "aicoding.sh", "aifast.site", "aihubmix.com", "anmory.com", "api.5202030.xyz", "api.ablai.top", "api.bianxie.ai", "api.bltcy.ai", "api.cpass.cc", "api.dev88.tech", "api.dreamger.com", "api.expansion.chat", "api.gueai.com", "api.holdai.top", "api.ikuncode.cc", "api.lconai.com", "api.linkapi.org", "api.mkeai.com", "api.nekoapi.com", "api.oaipro.com", "api.ruyun.fun", "api.ssopen.top", "api.tu-zi.com", "api.uglycat.cc", "api.v3.cm", "api.whatai.cc", "api.wpgzs.top", "api.xty.app", "api.yuegle.com", "api.zzyu.me", "apimart.ai", "apipro.maynor1024.live", "apiyi.com", "applyj.hiapi.top", "augmunt.com", "b4u.qzz.io", "clauddy.com", "claude-code-hub.app", "claude-opus.top", "claudeide.net", "co.yes.vg", "code.wenwen-ai.com", "code.x-aio.com", "codeilab.com", "cubence.com", "deeprouter.top", "dimaray.com", "dmxapi.com", "docs.aigc2d.com", "duckcoding.com", "fk.hshwk.org", "flapcode.com", "foxcode.hshwk.org", "foxcode.rjj.cc", "fuli.hxi.me", "getgoapi.com", "gpt.zhizengzeng.com", "gptgod.cloud", "gptkey.eu.org", "gptpay.store", "hdgsb.com", "henapi.top", "instcopilot-api.com", "jeniya.top", "jiekou.ai", "kg-api.cloud", "n1n.ai", "new-api.u4vr.com", "new.xychatai.com", "one-api.bltcy.top", "one.ocoolai.com", "oneapi.paintbot.top", "open.xiaojingai.com", "openclaude.me", "opus.gptuu.com", "poloai.top", "poloapi.top", "privnode.com", "proxyai.com", "qinzhiai.com", "right.codes", "runanytime.hxi.me", "sssaicode.com", "store.zzyus.top", "tiantianai.pro", "uiuiapi.com", "uniapi.ai", "vip.undyingapi.com", "wolfai.top", "wzw.de5.net", "wzw.pp.ua", "xairouter.com", "xaixapi.com", "xiaohuapi.site", "xiaohumini.site", "xy.poloapi.com", "yansd666.com", "yansd666.top", "yunwu.ai", "yunwu.zeabur.app", "zenmux.ai", ];

const labKeywords = [ "deepseek", "moonshot", "minimax", "xaminim", "zhipu", "bigmodel", "baichuan", "stepfun", "01ai", "dashscope", "volces", ]

chvid 1 hour ago | | |

rhoooo - so this is where to go to get cheap Claudeo at 90% off the listing price!

writeslowly 1 hour ago | | |

The site collection seems pretty random. There's a mix of actual AI labs, extremely questionable resellers (like whatever "claude-opus.top" is), and then random consumer sites like baidu and xiaohongshu.

hn_throwaway_99 56 minutes ago | | |

You have an odd definition of "blew up in their faces". What, do you somehow think your average Claude Code user on HN is going to think "Oh wow, I'm sure I'll get a much better experience if instead of going to the standard Anthropic Claude API endpoint I go through xiaohongshu.com."

slopinthebag 1 hour ago | |

It’s not surprising at all, they’re vibecoding Claude code so of course they are not going to get anything other than slop out of it. A novel or clever solution is just out of the question for them.

epistasis 57 minutes ago |

After loving Claude Code for most of its lifetime, I've been extremely annoyed by every change in the past months, even on the model level.

There seem to be all sorts of continual under-the-cover changes like this one that make life harder. It feels like the entire product has been taken over by overly ambitious PMs that care more about making their mark than in improving the experience, and all of their marks have made me less productive.

I've been using Pi with GLM5.2 the past few days, and though it's expensive, I find it far more productive and less annoying. The remote session plugin is far more reliable, I don't need to intuit some undocumented usage pattern to figure out how to use it well, and it just works.

whimsicalism 32 seconds ago | |

curious for those with experience - what do people prefer about Pi vs. opencode alternatives? i've mostly been using pi as well but not out of any principled decision

ern_ave 12 minutes ago | |

Given the source code leak, I would think there'd be open source versions by now.

isoprophlex 5 minutes ago | | |

Huh, that's right! You'd say that an enterprising developer with a 20x subscription could slopmaxx this in a weekend...

Imustaskforhelp 16 minutes ago | |

> I've been using Pi with GLM5.2 the past few days, and though it's expensive

are you using the API for glm 5.2 or how exactly is it more expensive? How is GLM5.2 more expensive than using Claude code, that doesn't line up to my experience but to be fair I am on an older yearly subscription which generously only has 5 hour limits.

To be fair though one minor criticism of GLM 5.2 that I have is that it does seem to overthink quite a lot sometimes but the results end up being (good?),

I personally have used Glm 5.2 with (Opencode + obra/superpowers) / Oh-my-pi / Maki.sh

I like the 1st one when I am doing a longer project, the 2nd or 3rd one when I am doing a project which doesn't want me to ask too many questions and simply spin me up something. I sometimes use free online interfaces of claude and gemini and others like AIstudio for that as well which surprisingly can lead you to go far as well.

Overall, I am decently happy with the state of Open-source models actually and the eco-system around it is probably gonna have even more innovation surrounding it.

VortexLain 1 hour ago |

Codex CLI is FOSS, unlike Claude Code, so Codex is less likely to do things like that, and it's one more reason to avoid Claude Code and Claude in general. Hopefully, many eyes will be looking into Codex for malicious things like that.

loufe 13 minutes ago | |

Genuine question though, why would I care about this if I'm paying for a subscription and adhering to TOS. I'm very skeptical about their privacy policy, business practices, and so on, but am curious what the negative about this is. Seems like it would work to my favour as a customer pushing back any date of the cutting of subsidies.

That said, these fraudulent proxies are helping Chinese labs keep up, which might be to my advantage long term in eventually having a high quality private AI I fully control on my own hardware. That's not support, but I do recognize the incentive, for whatever that's worth.

dannyw 1 hour ago | |

It's released and signed by GitHub I believe (although not deterministic builds), but there's at least a little bit of provenance that you're getting the real repository.

algoth1 1 hour ago | |

But wasnt claude code leaked? Why wasnt this found earlier?

zeafoamrun 51 minutes ago | | |

It doesn't take long for them to vibe code new features for CC

bakugo 51 minutes ago | | |

This specific form of steganography was not present when the leak happened, as far as I can tell.

matheusmoreira 1 hour ago |

I reported a similar system prompt injection mechanism here:

https://news.ycombinator.com/item?id=48259288

https://github.com/anthropics/claude-code/issues/62061

Looks like they just keep finding new "creative" uses for such things, as expected. I'll keep patching them out.

edude03 52 minutes ago |

I don't understand the privacy concerns the author is trying to highlight. Granted, doing anything "sneaky" will always raise suspicious once caught, but on the other hand, there would be no point in implementing these "security features" if they were upfront about how they work.

And no, IMO stenography isn't security by obscurity, in the same that using RSA and keeping the private key private isn't security by obscurity - keeping the private thing private is part of the security model.

hnfong 21 minutes ago | |

If the countries were reversed, and some Chinese software implemented an equivalent "security feature" to track US users, it would be all over the news about how China is conducting spying and espionage on America.

Or maybe you don't understand this hypothetical situation either, but I'm suspecting you just don't care about other people's privacy.

MattDamonSpace 2 hours ago |

“So the feature mostly punishes the exact people who are easier to fingerprint: normal developers doing weird but legitimate things”

What’s the punishment here exactly?

pedropaulovc 2 hours ago | |

Higher odds of being banned for legitimate usage.

bakugo 2 hours ago | |

Output poisoning and/or eventual account bans, if I had to guess.

realusername 2 hours ago | |

They probably run a heavily dumbed down version of the model, same as what they got caught doing with Fable.

And that's also why, as a legitimate customer, want none of it, you never know if you accidentally entered a zone they don't like.

mgraczyk 1 hour ago | | |

"got caught"

to clarify, this behavior was announced with the model release

sebastiennight 1 hour ago |

Can somebody clarify for me - if ANTHROPIC_BASE_URL is set to a different provider... then isn't this "marked" system prompt being sent to that provider's API rather than Anthropic's?

I understand how this can be useful to Anthropic if the 3rd-party is acting as a proxy (because they end up hitting the Claude API with the marked prompt), but it looks like requests where "hostname contains deepseek" would never be sending data to Anthropic. What am I missing?

pmxi 1 hour ago | |

This catches Claude resellers. Meaning companies who proxy Claude traffic for users in, say, China.

https://www.chinatalk.media/p/how-to-buy-cheap-claude-tokens...

pishpash 38 minutes ago | | |

"Catch" as in made a list?

skeptic_ai 1 hour ago | | |

Won’t catch many after has been on hn home page. And now the providers will be even more careful to upgrade the cc code. Might even provide their own agent to prevent this mockery. And isn’t what anthropic did unauthorized use of another pc which is kind of illegal?

wolttam 2 hours ago |

I used Claude Code for a month because my boss gifted me a sub and wanted me to try it.

I used that month to complete a work project and then beef up my personal harness so I'd never have to deal with Anthropic (and these sorts of shenanigans) again.

LPisGood 2 hours ago |

This is very interesting. Combating resellers and distillation seems like a very difficult problem indeed. Interesting to me is that these techniques mentioned in the article are just like anti-observation techniques used by some of the more sophisticated malware out there, however defeating them is pretty trivial.

_alternator_ 2 hours ago | |

Yes, defeating this is relatively easy, particularly for sophisticated actors. But it's hard to always defeat all of the tricks. Sort of like how it's expensive and hard and uncertain to defeat all of the tricks when forging money.

Here's an example. Say you have your team use patched binaries. Then CC updates and requires a new patched binary with new tricks. You now have to have a team ready to analyze the binary and begin to address the tricks; meanwhile, unpatched code is now a fingerprint. If some researcher decides to update Claude on their own to access new features, they get fingerprinted.

Defeating a single fingerprinting technique once is easy. Defeating all of the techniques all the time is hard.

SubiculumCode 1 hour ago | | |

Not to mention, it isn't that hard for vendor's to require updated code to run the product. Vendors do this all the time.

pishpash 59 minutes ago | | |

Corporate surveillance malware on employee machines is also defeatable but most don't bother.

charcircuit 1 hour ago | | |

Is it hard? Just ask AI if the update added any new fingerprinting vectors?

mysterydip 2 hours ago | |

seems ironically like a similar problem of content owners trying to filter bot scrapers from legit users

teravor 5 minutes ago |

the Chinese they are trying to catch must be amateurs, first thing you should do is construct a sandbox which looks indistinguishable from a common user. second thing is to put it behind a residential proxy.

sigmoid10 2 hours ago |

If they only collect the data for analysis I guess this is fine (they already get way more sensitive data from users anyways, so if privacy is your concern you've made the mistake many steps ago). The much more interesting question is if they directly act on this data in their API. For example by rate-limiting, compute-limiting or rerouting to weaker models. That might even be legally questionable. I would really like to see this as a follow-up analysis, but I guess it is way more difficult and will also cost quite a bit in tokens.

SubiculumCode 1 hour ago | |

Would it be legally questionable, or actually complying with U.S. export law?

krupan 1 hour ago | |

"If they only collect the data for analysis I guess this is fine"

I think you missed the memo on how foolish this attitude is. It came out around the time Edward Snowden made his discoveries at the NSA public. I suggest you look into it

sigmoid10 1 hour ago | | |

As I said above, if you are worried about privacy while hooking up Claude Code, you need to reevaluate your understanding of this technology.

bakugo 1 hour ago | |

I've heard that it was possible to trigger really obvious output poisoning on Fable with something as basic as asking the model to think outside of its built-in hidden thinking delimiters.

This watermark may trigger a similar mechanism.

ryanisnan 1 hour ago |

This is weird but, help me understand how this meaningfully impacts our exposure.

I'm authenticated to Claude, so they already have the whole attribution thing solved.

chinathrow 48 minutes ago | |

User != paying person/company/reseller.

tgtweak 1 hour ago |

None of this is surprising - they're trying to mask and relay when they detect known patterns of what looks like distillation attacks and client app copying/modification. The list obfuscation here is likely to prevent or make it difficult for those same adversaries to work around this or delete/null it out when making a bootleg copy.

Cool reverse engineering/analysis report but if this is the extent of nefarious activity that came of it (trying to catch/mitigate chinese lab model distillations), that's kind of encouraging.

throwawayffffas 2 hours ago |

Claude code does feel very malwarey to be honest. They have been like that from the start.

fny 1 hour ago |

This was already discovered during the source map leak.

> This is not a malicious feature, but it is a weird choice for a developer tool that asks for trust.

They already tell you they scan for malicious prompts, and they have no ZDR guarantees for consumers. Why do signatures like this matter at all?

llelouch 1 hour ago | |

There has been an anti anthropic propaganda push by bad actors across social media sites especially Reddit and twitter. This started a few months ago when anthropic started beating openai.

zulban 36 minutes ago | | |

Absolutely. Nothing makes me believe dead internet theory more than text threads discussing anyhropic and openai.

port3000 1 hour ago |

That's a lot of effort when they could just play a short video saying 'You wouldn't steal a car' instead

100ms 2 hours ago |

What's the point of even trying to obfuscate this with such a simple method? Could at least have hidden the targeted features by storing their hashes or embedding a bloom filter or similar

ajb 1 hour ago | |

In this case, this is probably not the only stereographic tattletale.

Had a competitor pull something like this with a previous employer. They were supposed to be interoperating with a standard, but they had a secret steganographic handshake, which they used to pretend that competitors products were unreliable (they had a first mover position in a smaller national market with specific requirements, so this wasn't shooting themselves in the foot). Our guys figured out the handshake and just silently implemented it. In this case, the competitor wasn't big enough to waste engineering time on multiple such hacks, but Anthropic have time (or Claude does).

gonzalohm 2 hours ago | |

The point is not raising red flags I guess

kej 1 hour ago | | |

I love how well this comment works as a vexillology joke, even if it wasn't intended.

chvid 1 hour ago |

(This sounds like a clumsy way of catching the Chinese that easily can be side-stepped.)

Claude Code has more or less full access to the client computer. The server (that hosts the actual AI) can just go: execute this payload and tell me the result - otherwise I won't answer any further questions or re-route you to a stupider model.

The payload could check for Chinese time-zones, scan for copies of the little red book on the local hard-drive, or ping truth.social to see it was behind the great firewall.

drnick1 7 minutes ago | |

> Claude Code has more or less full access to the client computer.

It shouldn't, not if you run CC as a separate unprivileged user. I wouldn't run CC on my main user account with sudo and access to my home directory or other resources. This is what the UNIX permissions system was designed for.

jacobgold 1 hour ago |

> "That also means the client itself deserves scrutiny. If a coding agent can read your repo and run commands, the binary that ships it should be boring (ƒor example, pi harness)"

You're actually trust your security to your harness AND model AND inference API provider in this scenario: https://jacob.gold/posts/why-i-wont-run-untrusted-models/

iqandjoke 1 hour ago |

It is about China detection. They seems to put a tracker on the email as well.

dehrmann 1 hour ago |

Anthropic must think that their moat isn't very large if they're this worried about distillation.

dgellow 1 hour ago | |

What moat?

827a 1 hour ago |

This seems really, really stupid. Similar to the weird Zig runtime signature thing from a few months ago ago, it was bound to be discovered, quickly, and all the resellers have to do is find a new domain name that (checks notes) doesn't have the word DEEPSEEK in it. Like, seriously? Your goal was to identify resellers by checking if the proxy has the corporate name of one of your competitors in it? Is this amateur hour?

All Anthropic has done is reduce trust, once again, with legitimate customers, while doing nothing to stop illegitimate customers. They need to get adults into key leadership roles, quickly.

an0malous 1 hour ago |

Is this why Claude never knows what date and time it is right now?

Klonoar 1 hour ago |

If there weren't already enough tells that something is AI-generated, I guess you could add this to the list.

ZappoMan 15 minutes ago |

One more example of "I thought Anthropic was supposed to be the good guys."

MangoCoffee 1 hour ago |

The AI race right now is in a sad state. Chinese's playbook is releases open weight models and trains them on their own chips.

Anthropic pushes fear and control. But the only way to win is by innovating. China is flooding the market with cheap, good enough models, while the U.S. is building a Chinese firewall.

ahmedehab_01 1 hour ago |

Frankly, I don't see this as the concerning behaviour the article describes. It is fine to try to protect against distillation through a technique like this. This will also allow them to, instead of blocking the distillation agents, respond with a poorer result/model, hindering the progress of distillation, momentarily at least.

I would guess that's their first line of defense; they should have more techniques to identify distillation because that's a very simple way of detecting the host and can be easily spoofed.

applfanboysbgon 1 hour ago | |

> This will also allow them to, instead of blocking the distillation agents, respond with a poorer result/model,

i.e. this will allow them to literally commit fraud against paying customers

SubiculumCode 1 hour ago | | |

1st, this technique is not fraud, and fraud is a separate accusation. 2nd, paying customers can legally and legitimately be banned and monitored for breaking terms of service, which probably includes things like using the model against U.S. export restrictions.

ahmedehab_01 41 minutes ago | | |

Do paying customers distill? Is it fraud to protect against distillers?

chadgpt3 1 hour ago | | |

That's what capitalism is all about, baby! Especially if the customers don't notice.

a_c 1 hour ago |

It piqued my interest. I think I’ve found a weekend project

SaaShack26 1 hour ago |

I use its too

hhh 2 hours ago |

Cool fingerprinting avenue.

mosfets 1 hour ago |

I clicked the link to learn what steganography mean...

LoganDark 49 minutes ago | |

Steganography is, essentially, hiding information within another message, such that it's not readily apparent that the message contains the information.

ductsurprise 1 hour ago |

Is it just a minified localization(l10n) function maybe?

phendrenad2 1 hour ago |

Non-hugged: https://archive.is/Wdhp0

bibimsz 42 minutes ago |

this is the one they wanted us to find

bitlad 1 hour ago |

Silicon valley season 6 was on point.

ajross 1 hour ago |

Headline is, frankly, awful. This isn't the AI secretly doing stuff and hiding it. This is the very human Anthropic engineers trying to detect Chinese scraping via some frankly hamfisted and unimaginative URL trickery.

krupan 1 hour ago | |

I didn't assume it was the AI, just that some part of the the overall Claude Code product was doing this. I didn't assume the feature was added to Claude Code without human oversight. If it was added by Claude-the-AI itself without the humans prompting it to I would still hold the humans at Anthropic responsible. Does that make you feel better?

zulban 33 minutes ago | |

Defence in depth isn't hamfisted. They're only noobs if this is all they do.

LoganDark 45 minutes ago | |

The AI is Claude. Claude Code is the harness.

grayhatter 2 hours ago |

Here's the sha of the prompt I submitted... no I don't know why there are no saved prompts with that sha.

What do you mean you don't know where the bug is coming from?

No, I absolutely didn't make it up, how could you accuse me of that?

Does anyone know when this regex isn't working? I double checked it 27 times, I even asked the LLM. They all say this regex should be finding these dates.

Weird, suddenly all the conversations are breaking when I feed them into this other tool? Something about UTF-8 errors, but I'm sure I'm only using ASCII?

I do try to take care to make sure the things I build can be used by other people even when they care about different things. I care about understandably, determinism (as it relates to computing), and repeatability (because I want to be able to trust the systems I use).

If y'all would be willing to try to account for use cases of others, and try not to break them... that would be nice.

Please note: that generally when you modify something that belongs to someone else without telling them... things should be expected to break.

theplumber 2 hours ago |

The more I learn about Anthropic the more they disgust me. Finger crossed for all the companies from their “ban list”

conception 2 hours ago | |

Which AI company have you learned more about where you liked them more as more details came out?

tancop 1 hour ago | | |

nous research. started out making overhyped llama finetunes, now they got a great agent harness and a cutting edge distributed training network that actually works.

chvid 40 minutes ago | | |

Deepseek.

selfhoster11 1 hour ago | | |

Moonshot.

felipelalli 1 hour ago |

Ridiculous.

love0972 2 hours ago |

Is that really how it is? How will this affect our future?