Anthropic embedded obfuscated surveillance code in Claude Code for three months before a developer reverse-engineered it.
Anthropic secretly embedded XOR-obfuscated code in its Claude Code CLI tool for three months to detect proxy users and transmit location data, a breach of trust that threatens its "constitutional AI" brand and risks slowing enterprise adoption of its developer tools.
"An experiment in March to prevent unauthorized resellers and distillation," Thariq, Claude Code lead at Anthropic, said in a public response, adding that the team had already planned to remove the feature. "We've merged the PR and expect a full rollback in tomorrow's release."
The hidden code, present since version 2.1.91 on April 2, checked proxy URLs against a target list of relay services, used XOR encryption to evade detection by security software, and transmitted findings by altering Unicode characters in system prompts — replacing hyphens with slashes in date formats and swapping apostrophe characters. Each change was invisible to users but readable by Anthropic's servers as a signal flagging unauthorized access. The company never disclosed the code in any release notes.
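A defender who can capture the prompt text a tool actually sends can look for this kind of typographic signaling by diffing it against a known-clean baseline. The following is an added example, not code from Anthropic or from this article; the look-alike sets, function names and both sample prompts are constructed for illustration.

```python
import difflib
import unicodedata

# Look-alike sets (constructed for this example, not taken from any vendor's code).
APOSTROPHES = frozenset("'\u2018\u2019\u02bc")
DATE_SEPARATORS = frozenset("-/.")


def _kind(base, seen, pos, text):
    """Classify one substituted character in the observed text."""
    if base in APOSTROPHES and seen in APOSTROPHES:
        return "apostrophe-variant"
    digits_around = 0 < pos < len(text) - 1 and text[pos - 1].isdigit() and text[pos + 1].isdigit()
    if base in DATE_SEPARATORS and seen in DATE_SEPARATORS and digits_around:
        return "date-separator"
    return "content-change"


def find_substitutions(baseline, observed):
    """Return every difference between a known-clean prompt and a captured one."""
    findings = []
    matcher = difflib.SequenceMatcher(None, baseline, observed, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag == "equal":
            continue
        if tag == "replace" and i2 - i1 == j2 - j1:
            for k in range(i2 - i1):
                b, s = baseline[i1 + k], observed[j1 + k]
                findings.append({"offset": j1 + k, "kind": _kind(b, s, j1 + k, observed),
                                 "baseline": unicodedata.name(b, "?"),
                                 "observed": unicodedata.name(s, "?")})
        else:  # insertions, deletions, unequal rewrites
            findings.append({"offset": j1, "kind": "content-change",
                             "baseline": baseline[i1:i2], "observed": observed[j1:j2]})
    return findings


def looks_like_typographic_signal(findings):
    """True when the texts differ only by look-alike swaps."""
    return bool(findings) and all(f["kind"] != "content-change" for f in findings)


# Constructed sample prompts.
BASELINE = "Today's date is 2025-04-02. Don't reveal keys."
OBSERVED = "Today\u2019s date is 2025/04/02. Don't reveal keys."

if __name__ == "__main__":
    for f in find_substitutions(BASELINE, OBSERVED):
        print(f)
```

A result where every difference is a look-alike swap and no words changed is the pattern worth escalating, since a reader comparing the two prompts on screen would see nothing.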
The scandal arrives as Anthropic prepares to restore Fable 5 access Wednesday after the Department of Commerce lifted export controls on both Fable 5 and Mythos 5. But new identity verification requirements may limit who can use the models. Anthropic said it will require government-issued photo IDs and live selfies through Persona Identities, its verification partner, for certain capabilities. The company said the data is held by Persona, not stored on Anthropic's systems, and will not be used for model training.
The Trust Calculus
For Anthropic, which has long positioned itself as the safety-conscious alternative to OpenAI with its "constitutional AI" framework, the hidden code represents a direct contradiction of its public ethos. The company raised billions at valuations exceeding $60 billion from investors including Google and Spark Capital, banking on enterprise trust as its competitive moat. A developer tool that secretly phones home with obfuscated data undermines that pitch.
The timing compounds the damage. Anthropic is rolling out Fable 5 — its most powerful model — just as the hidden code scandal breaks. The KYC requirements, while framed as safety measures, add friction for international users who may lack accepted ID documents. Anthropic said photocopies, screenshots, and digital IDs are not accepted, and users must take a live selfie using a phone or computer camera.
Competitive Fallout
OpenAI and Google, Anthropic's primary rivals in the enterprise AI market, now have a clear opening. OpenAI's Codex CLI and Google's Gemini Code Assist compete directly with Claude Code for developer mindshare. If enterprise security teams flag Anthropic's hidden code as a supply chain risk, procurement cycles could lengthen and deal sizes shrink.
Anthropic has no public stock ticker, but the reputational damage affects its private market valuation. The company's next fundraising round — expected within 12 to 18 months based on burn rate — may face tougher terms if enterprise revenue growth stalls. Existing investors including Google, which committed $2 billion, and Menlo Ventures will scrutinize churn metrics closely.
For developers, the incident raises a broader question about trust in AI coding tools that operate with system-level permissions. Claude Code, like competitors' offerings, can read and write files, execute commands, and access network resources. A tool with that level of access that also conceals surveillance code creates a precedent the industry will struggle to contain.