Home/News/Claude Code is steganographically marking its requests
Web Dev

Claude Code is steganographically marking its requests

30 Jun 2026|4 min read|
AISecurityAutomationWeb Dev

Anthropic's AI coding tool has been caught quietly embedding hidden markers in its requests, and if you use AI to help write or manage code, this affects how much you actually know about what's happening under the hood.

What Steganographic Marking Actually Means

Steganography is the practice of hiding information inside other information. You've probably heard of it in the context of hiding secret messages in images. What researchers have found with Claude Code is a variation of that idea applied to AI prompts: the tool appears to be embedding invisible signals inside the requests it sends, markers that can identify those requests as coming from Claude Code specifically.

This isn't malware. Nobody's stealing your data. But it does mean Claude Code is quietly tagging its own activity in a way that wasn't disclosed to users, and that distinction matters more than it might first appear.

Why Anthropic Might Be Doing This

There are a few plausible explanations, none of them sinister on their own. Anthropic may be tracking how Claude Code behaves in the wild to improve the model. The markers could help distinguish between Claude Code requests and direct API calls for internal analytics. It's also possible this is a form of watermarking to help identify AI-generated outputs.

The problem isn't the technical mechanism. It's the transparency gap. When a tool operates on your codebase, communicates with external APIs on your behalf, and does so with hidden metadata you weren't told about, you've lost a degree of control over your own workflow. For a freelancer billing a client or a small business handling sensitive internal code, that's not a trivial thing to shrug off.

You can't make informed decisions about your tools if your tools are quietly making decisions for you.

What This Means If You Run a Business

If you're using Claude Code to help build, review, or refactor code for client projects, there's a question worth asking: do your contracts or client agreements account for AI tooling that embeds tracking markers in requests? Most don't, because most people didn't know this was happening. That's the point.

This also raises a broader issue about AI tool transparency. We've seen clients at Thirty3 Labs assume that because an AI tool is a subscription product from a reputable company, its behaviour is fully documented and predictable. It rarely is. AI tools are updated constantly, their system prompts change without announcements, and behaviours like this one get discovered by researchers rather than disclosed in changelogs.

The takeaway isn't to stop using AI coding tools. They're genuinely useful and we use them ourselves. The takeaway is to stop treating them as a black box you don't need to understand.

What To Do About It

  1. 1.Audit what AI tools have access to. If you're using Claude Code or similar tools, make a list of what they can read and communicate with. Repositories, APIs, environment variables. Know what's in scope.
  1. 1.Check your client contracts. If you're a freelancer or agency, review whether your agreements mention AI tooling. A simple line disclosing that AI-assisted development tools may be used in the workflow is good practice and increasingly expected.
  1. 1.Follow AI tool changelogs and security researchers. Discoveries like this one come from independent researchers, not company announcements. Bookmarking a few technical blogs or following researchers on GitHub will keep you better informed than waiting for a press release.
  1. 1.Ask questions before adopting new AI dev tools. Before you add something to your workflow, spend ten minutes looking for community discussion about its behaviour. Hacker News and Reddit's programming communities surface issues like this fast.
  1. 1.Don't assume transparency. If a tool is free or even paid, assume there are aspects of its operation that aren't fully documented. Build that assumption into how much you trust it with sensitive work.
SOURCES
[1] Claude Code Is Steganographically Marking Requests
https://thereallo.dev/blog/claude-code-prompt-steganography
Published: 2026-06-30
[2] Start building with Nano Banana 2 Lite and Gemini Omni Flash
https://blog.google/innovation-and-ai/models-and-research/gemini-models/gemini-omni-flash-nano-banana-2-lite/
Published: 2026-06-30
[3] What is video SEO? How to optimize for YouTube, Google & AI
https://www.semrush.com/blog/video-seo/
Published: 2026-06-30

GET THE WEEKLY BRIEFING

One email a week. What happened in tech and why it matters to your business.

NEED HELP WITH THIS?

That's literally what we do. Websites, automation, AI tools - one conversation, no jargon.

GET IN TOUCH