Anthropic deployed covert monitoring software to track China-based users of Claude
The AI safety company embedded steganographic markers in its Claude Code tool to catch suspected industrial-scale model theft by Chinese firms
Anthropic, the company that built its brand on AI safety and responsible development, quietly embedded surveillance code into its Claude Code assistant to monitor users it suspected of stealing its technology. The targets: operators linked to Chinese tech giants allegedly siphoning Claude’s outputs to train competing models.
The covert monitoring project launched in March 2026 and collected user environment data like timezones and proxy settings. It also deployed steganographic markers, essentially invisible digital watermarks, into prompts sent to Anthropic’s servers.
What Anthropic found, and what it did about it
Anthropic identified what it described as approximately 28.8 million unauthorized exchanges linked to operators affiliated with Alibaba. That’s industrial-scale distillation, a process where one AI model’s outputs are systematically fed into another model to replicate its capabilities without paying for the underlying research.
Anthropic had actually disclosed some of its concerns publicly back in February 2026 through a blog post, flagging fraudulent activities tied to nearly 25,000 accounts. The company later brought its findings to Congress in June 2026, framing the issue as both a commercial threat and a national security concern.
The backlash and the rollback
By early July 2026, the covert nature of the monitoring had generated enough criticism that Anthropic announced it was rolling back the tracking features. The company said it had developed “more effective mitigating strategies,” though it didn’t elaborate on what those strategies were.
On the Chinese side, Alibaba reportedly banned its employees from using Claude Code entirely following the accusations.