229
Claude Code Is Steganographically Marking Requests
(thereallo.dev)
This is a most excellent place for technology news and articles.
That's not what steganography is. There is no hidden message here.
Your assertion baffles me. The CC client is sending information about its execution context back to Anthropic HQ in a sneaky, obfuscated way that most people wouldn't notice.
If that's not a hidden message, if that's not steganography, what is?
It's not sending it back. It's essentially watermarking the output, so that it can be identified if it appears somewhere unexpected.
It modifies the prompt, aka the input, not the output. It is smuggling 3 bits of secret user/session data in a wrapper that doesn't look like it contains that data. As the article explains:
This is a normal timestamp on a prompt:
Today's date is 2026-07-11.But if your system timezone is a Chinese mainland timezone, it looks like:
Today's date is 2026/07/11.Then, if your base URL includes a keyword like "deepseek," it silently replaces the apostrophe from a
'to aʼ:Todayʼs date is 2026-07-11.Or if the base URL has one of the domains on the list, like any .cn domain, it replaces the apostrophe with another apostrophe character:
Today’s date is 2026-07-11.And if it has both a URL and a keyword on the watchlist, the prompt context includes:
Todayʹs date is 2026-07-11That's 3 bits of information: does this system have a mainland Chinese time zone, does the base URL contain a known keyword (associated with Chinese AI competitors) or a known domain (associated with mainland China or its major tech companies). And it sneaks it on by without making it obvious.
That's steganography.
Did you read the post?
Yeah I thought steganography was hiding messages in images.
Ok I just looked it up, apparently it can be anything. Images, audio, video, or even text.
I remember I had this Perl module once that would convert passwords into a binary string and then convert that string into spaces and tabs. Looked like a blank file. I guess that was technically steganography.
No, that's encoding. If you hid that message inside another message, that would be steganography.
It is a message hidden in a message. The hidden message is the binary password, and the container message is "[blank]"
Steganography can include hiding binary strings inside of pretty much any file type