All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Security
Security
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

Claude Code embeds hidden system prompt markers based on API URL and timezone

By

Thereallo

4d ago· 4 min readenInsight

Summary

A developer inspected the Claude Code binary (version 2.1.196) for privacy and security reasons, discovering that it contains a function which modifies the current date string inserted into the system prompt based on the API base URL and timezone. This suggests the tool is steganographically marking requests with hidden identifiers, raising concerns about transparency in AI coding agents that have extensive system access.

Source

Hacker NewsClaude Code embeds hidden system prompt markers based on API URL and timezonethereallo.dev

Key quotes

· 3 pulled
Most devs give their harnesses ridiculous access. FS, shell, git, browser access, even computer use nowadays.
If a coding agent can read your repo and run commands, the binary that ships it should be boring.
Inside the Claude Code binary, there is a function that changes the current date string inserted into the system prompt.
Snippet from the RSS feed
I inspected Claude Code for privacy reasons and found hidden system prompt markers based on API base URL and timezone.

You might also wanna read

claude-devtools: Open-source tool visualizes hidden Claude Code session data

claude-devtools is an open-source tool that reads raw Claude Code session logs from a user's machine and reconstructs all the information th

Product Hunt·4mo ago

SEO Poisoning Campaign Uses Fake Claude Code Installer to Steal Credentials

Hackers are running an active SEO poisoning campaign targeting users searching for Claude Code installation guides. The attackers create fak

cybersecuritynews.com·1mo ago

Microsoft discovers prompt injection vulnerability in Claude Code GitHub Action exposing CI/CD secrets

Microsoft Threat Intelligence discovered a prompt injection vulnerability in Anthropic's Claude Code GitHub Action that could expose CI/CD w

microsoft.com·29d ago

Claude Code Scheduled Tasks: Automate Recurring Coding Tasks Locally and in the Cloud

Claude Code Scheduled Tasks is a tool that enables developers to run recurring coding tasks across both local desktop and cloud environments

Product Hunt·4mo ago

Mozilla researchers demonstrate indirect prompt injection attack on AI coding agents via GitHub repositories

Mozilla's Zero Day Investigative Network (0DIN) has disclosed a proof-of-concept attack that uses indirect prompt injection to compromise AI

helpnetsecurity.com·5d ago

Sipcode: A context hygiene tool for Claude Code that reduces noise and improves AI response quality

Sipcode is a tool for Claude Code that improves context hygiene by capping verbose tool outputs and deduplicating same-session re-reads, all

Product Hunt·12d ago

Comments

Sign in to join the conversation.

No comments yet. Be the first.