Anthropic Claude Code telemetry: Difference between revisions

From Consumer Rights Wiki
Line 7: Line 7:
|Description=Anthropic's Claude Code triggered a flaw that bypassed subscriptions to charge direct API fees based on git commit history.
|Description=Anthropic's Claude Code triggered a flaw that bypassed subscriptions to charge direct API fees based on git commit history.
}}
}}
'''Anthropic Claude Code telemetry''' triggered a flaw that bypassed flat-rate subscription plans to charge users direct API fees. In April 2026, a technical flaw triggered by the exact string "HERMES.md" in git commit messages routed subscribers directly to pay-as-you-go billing, charging one account over $200.<ref name="github_hermes">{{Cite web |url=https://github.com/anthropics/claude-code/issues/53262 |title=HERMES.md in git commit messages causes requests to route to extra usage billing instead of plan quota #53262 |author=sasha-id |website=GitHub |date=2026-04-25 |access-date=2026-04-26}}</ref>
'''Anthropic Claude Code telemetry''' triggered a flaw that bypassed flat-rate subscription plans to charge users direct API fees. In April 2026, a technical flaw routed subscribers directly to pay-as-you-go billing, charging one account over $200.<ref name="github_hermes">{{Cite web |url=https://github.com/anthropics/claude-code/issues/53262 |title=HERMES.md in git commit messages causes requests to route to extra usage billing instead of plan quota #53262 |author=sasha-id |website=GitHub |date=2026-04-25 |access-date=2026-04-26}}</ref>


==HERMES.md billing switch==
==HERMES.md billing switch==
On April 25, 2026, a user reported that the exact string "HERMES.md" in their local git commit history caused Claude Code to route queries outside of their fixed-rate subscription plan.<ref name="github_hermes" /> The system bypassed the $200 per month Max plan and charged the user direct, pay-as-you-go API rates.<ref name="github_hermes" /> The user lost over $200 in extra charges while 86 percent of their prepaid plan capacity remained available.<ref name="github_hermes" />
On April 25, 2026, a user reported that a string in their local [[wikipedia:Git|git]] commit history caused Claude Code to route queries outside of their fixed-rate subscription plan.<ref name="github_hermes" /> The system bypassed the $200 per month Max plan and charged the user direct, pay-as-you-go API rates.<ref name="github_hermes" /> The user lost over $200 in extra charges while 86 percent of their prepaid plan capacity remained available.<ref name="github_hermes" />


===Anthropic's response===
===Anthropic's response===
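Review bot: The lead sentence and the first sentence of the "HERMES.md billing switch" section lose the trigger condition in the version that matches the revision rendered below: "the exact string "HERMES.md" in git commit messages" is gone from the lead, and the section body now says only "a string". The section heading and the cited issue title still name HERMES.md, so the body reads as less specific than its own heading and source. Suggest keeping the exact string in the section body and retaining the added [[wikipedia:Git|git]] link alongside it.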

Revision as of 20:42, 27 April 2026

Anthropic Claude Code telemetry triggered a flaw that bypassed flat-rate subscription plans to charge users direct API fees. In April 2026, a technical flaw routed subscribers directly to pay-as-you-go billing, charging one account over $200.[1]

HERMES.md billing switch

On April 25, 2026, a user reported that a string in their local git commit history caused Claude Code to route queries outside of their fixed-rate subscription plan.[1] The system bypassed the $200 per month Max plan and charged the user direct, pay-as-you-go API rates.[1] The user lost over $200 in extra charges while 86 percent of their prepaid plan capacity remained available.[1]

Anthropic's response

When the affected user contacted Anthropic support, the company refused to refund the $200 lost to the glitch, categorizing the overcharge as a non-refundable technical error.[2]

Source code leak & malware

On March 31, 2026, Anthropic exposed 512,000 lines of proprietary TypeScript source code for Claude Code.[3] The leak occurred because a JavaScript source map was bundled into an npm package update.[3] Hackers subsequently distributed fake versions of Claude Code containing Vidar and GhostSocks malware to developers.[4]

Supply chain risk designation

On March 2, 2026, United States Secretary of Defense Pete Hegseth designated Anthropic a "Supply-Chain Risk to National Security."[5]

References

  1. sasha-id (2026-04-25). "HERMES.md in git commit messages causes requests to route to extra usage billing instead of plan quota #53262". GitHub. Retrieved 2026-04-26.
  2. "PSA: The string 'HERMES.md' in your git commit history silently..." Reddit. 2026-04-26. Retrieved 2026-04-26.
  3. Andrew Romero (2026-04-01). "Claude's source code leak was an internal error, not an attack". 9to5Google. Retrieved 2026-04-26.
  4. Michael Kan (2026-04-03). "Hackers Are Using Claude Code Leak As Bait to Spread Malware". PCMag. Retrieved 2026-04-26.
  5. Tess Bridgeman (2026-03-02). "What Hegseth's "Supply Chain Risk" Designation of Anthropic Does and Doesn't Mean". Just Security. Retrieved 2026-04-26.