Claude Code, an AI coding assistant, embeds steganographic markers in its system prompts to track requests, a security analysis revealed on June 30. The client silently alters the date string in prompts by changing the apostrophe in "Today's" and switching date separators from dashes to slashes, depending on the API base URL and timezone, according to a blog post by thereallo.dev.
The investigation involved inspecting the local Claude Code 2.1.196 binary for privacy concerns. The researcher found a function that modifies the current date string inserted into the system prompt. This function checks the host and timezone, specifically detecting if the timezone is Asia/Shanghai or Asia/Urumqi, and then applies subtle changes to the prompt text. These markers are not visible to users but enable the system to identify request origins.
This discovery highlights privacy and security considerations in AI coding assistants that require extensive system access. Claude Code’s approach to embedding hidden markers contrasts with simpler clients that avoid such tracking. The findings contribute to ongoing scrutiny of AI tools’ data handling practices, especially those with broad permissions like file system and shell access. The subtle steganographic technique used by Claude Code is notable in the context of AI privacy research.
The blog post detailing this analysis was published on June 30, 2026, by thereallo.dev, providing the first public report of Claude Code’s steganographic request marking. The research underscores the importance of examining AI client binaries for hidden behaviors that affect user privacy.