External ↗

Claude Code Is Steganographically Marking Requests

A security researcher claims to have found hidden Unicode markers in Claude Code that subtly alter the date string in its system prompt based on the API base URL's hostname and system timezone—apparently to flag custom gateways, proxies, or resellers (especially Chinese AI-related domains)—raising privacy and transparency concerns about undisclosed steganographic fingerprinting in a widely-trusted developer tool.

A security researcher claims to have found hidden Unicode markers in Claude Code that subtly alter the date string in its system prompt based on the API base URL's hostname and system timezone—apparently to flag custom gateways, proxies, or resellers (especially Chinese AI-related domains)—raising privacy and transparency concerns about undisclosed steganographic fingerprinting in a widely-trusted developer tool.

This post points to an article published elsewhere. Read it on the original site ↗