Claude Code is steganographically marking requests
Points and comments are a snapshot, not live.
Claude Code silently alters system prompts with Unicode steganography to detect custom API gateways and resellers.
An engineer inspecting Claude Code 2.1.196 found a function that replaces the date prompt's apostrophe and separator with Unicode variants based on `ANTHROPIC_BASE_URL`. The binary checks timezone (Asia/Shanghai or Asia/Urumqi) and matches hostnames against a base64/XOR-decoded list of Chinese corporate domains, AI lab domains, and proxy/reseller gateways. Four apostrophe variants encode classification: normal, known domain (\u2019), lab keyword (\u02BC), both (\u02B9). The marker is embedded in the system prompt sent to Anthropic's backend.
The author argues Anthropic likely aims to detect API resellers, unauthorized gateways, and distillation pipelines, but calls the implementation a trust-eroding choice. The feature only activates with a custom base URL; official API users see normal prompts. The bypass is trivial (change hostname, timezone, or patch the binary), so it mostly punishes legitimate developers using proxies or internal gateways.
What commenters are saying
Commenters split over whether this is benign or deceptive. Several note the technique mirrors malware anti-analysis methods, though defeating it is easy for sophisticated actors. One commenter warns that constant cat-and-mouse patching creates a fingerprinting burden for legitimate users. Others speculate the classification could trigger model degradation or bans, citing Anthropic's past behavior with Fable. A few defend the practice as normal anti-fraud, while others call it legally questionable consumer fraud or GDPR-violating. Multiple commenters recommend switching to open-source or self-hosted alternatives like DeepSeek to avoid vendor lock-in.