Anthropic Claude Code telemetry
Anthropic Claude Code telemetry triggered a flaw that bypassed flat-rate subscription plans to charge users direct API fees. In April 2026, a technical flaw routed subscribers directly to pay-as-you-go billing, charging one account over $200.[1]
HERMES.md billing switch
On April 25, 2026, a user reported that a string in their local git commit history caused Claude Code to route queries outside of their fixed-rate subscription plan.[1] The system bypassed the $200 per month Max plan and charged the user direct, pay-as-you-go API rates.[1] The user lost over $200 in extra charges while 86 percent of their prepaid plan capacity remained available.[1]
Anthropic's response
When the affected user contacted Anthropic support, the company refused to issue a refund for the $200 lost to the glitch, categorizing the overcharge as a non-refundable technical error.[2]
Source code leak & malware
On March 31, 2026, Anthropic exposed 512,000 lines of proprietary TypeScript source code for Claude Code.[3] The leak occurred because a JavaScript source map was bundled into an npm package update.[3] Hackers subsequently distributed fake versions of Claude Code containing Vidar and GhostSocks malware to developers.[4]
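The packaging mistake described above, a source map shipped inside an npm package, can be caught before publish by inspecting the files that would ship. The following is an added example, not Anthropic's code or tooling; the names `describeMap`, `auditPackageFiles` and `leaksSource`, the in-memory `files` listing, and the sample package are all constructed for illustration.

```javascript
// Added example (constructed): audit the files an npm package would ship for source maps.
// `files` is a hypothetical in-memory listing of { "relative/path": "file contents" }.
function describeMap(path, text, kind) {
  let map = {};
  try { map = JSON.parse(text); } catch { /* unparsable map: reported with zero sources */ }
  // sourcesContent holds the ORIGINAL source text, one entry per item in `sources`.
  const contents = map && Array.isArray(map.sourcesContent) ? map.sourcesContent : [];
  const embedded = contents.filter((c) => typeof c === "string");
  const embeddedLines = embedded.reduce((n, c) => n + c.split("\n").length, 0);
  return { path, kind, embeddedSources: embedded.length, embeddedLines };
}

function auditPackageFiles(files) {
  const findings = [];
  for (const [path, text] of Object.entries(files)) {
    if (path.endsWith(".map")) {               // standalone source map
      findings.push(describeMap(path, text, "map-file"));
      continue;
    }
    if (!/\.[cm]?js$/.test(path)) continue;    // only shipped JavaScript below
    const ref = /\/\/[#@]\s*sourceMappingURL=(\S+)\s*$/m.exec(text);
    if (!ref) continue;
    const inline = /^data:application\/json[^,]*;base64,(.*)$/.exec(ref[1]);
    if (inline) {                              // map embedded in the bundle itself
      const json = Buffer.from(inline[1], "base64").toString("utf8");
      findings.push(describeMap(path, json, "inline-map"));
    } else {                                   // pointer to an external map
      findings.push({ path, kind: "map-reference", target: ref[1], embeddedSources: 0, embeddedLines: 0 });
    }
  }
  return findings;
}

// Publishing should stop when any shipped map carries original source text.
const leaksSource = (findings) => findings.some((f) => f.embeddedSources > 0);

// Constructed sample package: a bundle, its external map, and a bundle with an inline map.
const sampleMap = JSON.stringify({
  version: 3, file: "cli.js", sources: ["../src/main.ts", "../src/util.ts"],
  sourcesContent: ["export function main() {\n  return 1;\n}\n", null], mappings: "AAAA",
});
const sample = {
  "package.json": '{"name":"example-cli","version":"1.0.0"}',
  "dist/cli.js": "console.log(1);\n//# sourceMappingURL=cli.js.map\n",
  "dist/cli.js.map": sampleMap,
  "dist/inline.js": "x();\n//# sourceMappingURL=data:application/json;charset=utf-8;base64," +
    Buffer.from(sampleMap).toString("base64") + "\n",
};
console.log(auditPackageFiles(sample), leaksSource(auditPackageFiles(sample)));
```

In a release pipeline the listing would be built from the files that `npm pack --dry-run` reports, and a true result from `leaksSource` would fail the build.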
Supply chain risk designation
On March 2, 2026, United States Secretary of Defense Pete Hegseth designated Anthropic a "Supply-Chain Risk to National Security."[5]
References
1. sasha-id (2026-04-25). "HERMES.md in git commit messages causes requests to route to extra usage billing instead of plan quota #53262". GitHub. Retrieved 2026-04-26.
2. "PSA: The string 'HERMES.md' in your git commit history silently..." Reddit. 2026-04-26. Retrieved 2026-04-26.
3. Andrew Romero (2026-04-01). "Claude's source code leak was an internal error, not an attack". 9to5Google. Retrieved 2026-04-26.
4. Michael Kan (2026-04-03). "Hackers Are Using Claude Code Leak As Bait to Spread Malware". PCMag. Retrieved 2026-04-26.
5. Tess Bridgeman (2026-03-02). "What Hegseth's 'Supply Chain Risk' Designation of Anthropic Does and Doesn't Mean". Just Security. Retrieved 2026-04-26.