230
Claude Code Is Steganographically Marking Requests
(thereallo.dev)
This is a most excellent place for technology news and articles.
It's not sending it back. It's essentially watermarking the output, so that it can be identified if it appears somewhere unexpected.
It modifies the prompt, aka the input, not the output. It is smuggling 3 bits of secret user/session data in a wrapper that doesn't look like it contains that data. As the article explains:
This is a normal timestamp on a prompt:
Today's date is 2026-07-11.But if your system timezone is a Chinese mainland timezone, it looks like:
Today's date is 2026/07/11.Then, if your base URL includes a keyword like "deepseek," it silently replaces the apostrophe from a
'to aʼ:Todayʼs date is 2026-07-11.Or if the base URL has one of the domains on the list, like any .cn domain, it replaces the apostrophe with another apostrophe character:
Today’s date is 2026-07-11.And if it has both a URL and a keyword on the watchlist, the prompt context includes:
Todayʹs date is 2026-07-11That's 3 bits of information: does this system have a mainland Chinese time zone, does the base URL contain a known keyword (associated with Chinese AI competitors) or a known domain (associated with mainland China or its major tech companies). And it sneaks it on by without making it obvious.
That's steganography.
Did you read the post?