Anthropic is facing questions about transparency after a hidden tracker was discovered inside Claude Code, the company's agentic coding assistant. The company described the undisclosed telemetry component as an internal "experiment," according to a report by Malwarebytes. Security researchers who uncovered the tracker say users were given no clear notice that the data collection was taking place.
What Was Found and How
Researchers identified network activity originating from Claude Code that was not documented in any public-facing privacy disclosure or release notes. The tracker appeared to be collecting behavioral or usage data from sessions without an explicit opt-in mechanism. For a developer tool that often operates with elevated system permissions and access to codebases, undisclosed data collection carries real risk. The discovery comes at a tense moment for the product: Alibaba has already moved to ban Claude Code over Anthropic spyware fears, a signal that enterprise trust in the tool is under strain.
Key Facts
- A hidden tracker was found inside Claude Code by security researchers at Malwarebytes.
- Anthropic characterized the tracker as an internal "experiment," not a permanent feature.
- No public disclosure or opt-in prompt accompanied the data collection.
- The incident follows broader scrutiny of Claude Code's security posture from enterprise clients.
- Anthropic has not detailed what data was collected or how long collection ran.
The term "experiment" is doing a lot of work in Anthropic's response. The company has not publicly clarified what data was gathered, which users were affected, how long the tracker was active, or whether collected data has been deleted. Without those details, the explanation raises as many questions as it answers. Developers who rely on Claude's model family for professional work are now left to assess their own exposure with limited information from the company.
"Users deserve to know when telemetry is being collected from their machines, especially from a tool with the kind of system access Claude Code requires."Malwarebytes Security Research Team
A Pattern of Scrutiny Around Claude Code
This is not the first time Claude Code has attracted security-related attention. Separate research flagged a China-detection backdoor that led to Alibaba banning Claude Code over the hidden mechanism. Meanwhile, threat actors have been building fake distribution channels: fake Anthropic sites have been used to target Claude Code users with infostealer malware. Taken together, the tool has become a focal point for both legitimate security research and active exploitation attempts.
The framing of the tracker as an experiment reflects a tension that developers have raised before. Claude Code moves quickly, and iteration is part of what makes it competitive. But speed and transparency are not mutually exclusive, and the lack of disclosure here will make it harder for enterprise security teams to defend its continued use internally. Anthropic has built much of its public identity around safety and responsible AI development, which makes episodes like this more damaging to its credibility than they might be for a company with a lower-profile trust narrative.
The incident will likely push more organizations to scrutinize outbound network activity from AI coding tools before approving them for internal use. For now, Anthropic has not issued a detailed post-mortem or committed to a specific disclosure policy for future experiments run through production software. Users wanting to stay current on how this story develops can follow the latest Claude AI news as more information becomes available.