Anthropic yet again confirmed as the most dystopian tech company out there.
Imagine the outcry if they'd done the same thing with Jews or Blacks: a piece of code that detects if a user is Jewish or Black and immediately reports him back to headquarters on that basis, covertly (they used steganography, a technique designed to make data collection invisible).
And before people start screaming fake news, an Anthropic employee confirmed it's real: https://t.co/0ifiv47J6H
It's incidentally - not that it matters - completely illegal under at least half a dozen European laws: not only is collecting ethnic and racial data forbidden (under, for instance, Europe's GDPR Article 9 and national French law) but doing so without the users' awareness or consent is itself a separate violation. And it's even worse in this case because they explicitly tried to hide this data collection with steganography.
And the immense irony, of course, is that this is precisely the kind of covert surveillance behavior the West - including Anthropic themselves - say China would do and that they want to "protect" people from...
This is pretty concerning. You could still do this at the API level to some degree, but they seemingly just blatantly put it right into the code?
This is why open harnesses and agents are a much better option, among countless other reasons. You can inspect the code, observe the traces, and disable or modify anything you want for your own uses.
If you haven't yet - Hermes Agent is a world class coding agent. I'd recommend giving it a try.
another lame move from @AnthropicAI who somehow succeed at shooting itself in the foot and damage the whole closed source ecosystem. good for us, local ai-maxxer.
I think it's fair to say at this point that Anthropic is not a trustworthy company.
I have verified this myself in 2.1.91 as well as current 2.1.197. Sneaky steganographic embeds in a ships-to-customers product is a line best not crossed.
steganographic telemetry channel, not really spyware but very intentionally hiding. im curious why it only rolls in telemetry if ANTHROPIC_BASE_URL is changed, perhaps to tip them off about sessions passed through a transparent proxy commonly used by these labs for evals/distill?
Anthropic aurait conçu un système qui cache certaines informations sur les utilisateurs à l’intérieur du prompt system envoyé à l’API pour répondre. Par exemple si un utilisateur est en Chine plutôt que d’écrire :
Today's date is 2026-06-30.
Il va écrire :
Today‘s date is 30/06/2026.
L’apostrophe et la date ne sont pas formatés pareil.
Une manière très discrète d’identifier des caractéristiques ou de passer des infos sans que ça ne se voit trop. Mais ça montre aussi que les prompts réécrits de cette façon entre le poste client et le serveur distant peuvent révéler des infos par stéganographie sans qu’on s’en aperçoive, ce qui ne fera que plaider encore davantage pour les modèles open source.
This is outrageous because the technical capability to secretly inject user metadata into prompts already exists.
Once that infrastructure is built, it’s trivial to flip the switch.
Who decides the target list? What’s the internal policy and oversight? That’s the real problem.
Claude Code is vibecoded and full of spyware, it's possible Anthropic doesn't even know what's in there. After reading this report, we are banning it from our systems and strongly encourage other enterprises to do the same. It is an unacceptable security risk.