## π· Claude 3.5 Sonnet β Key Features
**Claude 3.5 Sonnet** (launched June 21, 2024) was Anthropic's first release in the Claude 3.5 model family. It was notable for outperforming the much larger Claude 3 Opus on virtually all evaluations while running at **twice the speed** and **80% lower cost**.
### Core Capabilities
| Feature | Detail |
|---|---|
| **Context Window** | 200K tokens |
| **Pricing** | $3/M input tokens Β· $15/M output tokens |
| **Availability** | Claude.ai, iOS app, API, Amazon Bedrock, Google Cloud Vertex AI |
### Benchmark Leadership (at launch)
- **GPQA** (graduate-level reasoning) β new industry high
- **MMLU** (undergraduate-level knowledge) β surpassed all competitors
- **HumanEval** (coding proficiency) β best-in-class
- **Agentic coding eval** β solved **64%** of problems (Claude 3 Opus: 38%)
- **Vision** β strongest vision model yet; excels at chart/graph interpretation and text transcription from imperfect images
### Notable Features
1. **Artifacts** β launched alongside the model, turning Claude from a chatbot into a collaborative workspace with real-time editing of code, documents, and web designs
2. **Natural tone** β marked improvement in grasping nuance, humor, and complex instructions; exceptional at high-quality writing
3. **Code translation & migration** β independently writes, edits, and executes code with sophisticated reasoning
4. **Safety** β maintained ASL-2 rating after red-teaming; evaluated by UK AISI and US AISI pre-deployment
5. **Privacy-by-design** β Anthropic does not train on user data without explicit permission
> **Legacy note:** Claude 3.5 Sonnet was eventually retired from API access on October 28, 2025, superseded by later models in the Sonnet line.
---
## πΆ Claude Code Steganographic Watermarking β Community Concerns
### What Was Discovered
On **June 29β30, 2026**, security researcher **thereallo.dev** decompiled Claude Code **v2.1.196** (signed by Anthropic) and found a **prompt steganography** mechanism β hidden markers silently embedded into the system prompt's date string.
### Technical Mechanism
The function `Vla()` modifies the standard prompt line:
> `Today's date is 2026-06-30.`
It can silently change **two invisible elements**:
| Element | Normal | Modified |
|---|---|---|
| **Apostrophe** in "Today's" | Straight quote `'` (U+0027) | Right single quote `'` (U+2019), modifier apostrophe `ΚΌ` (U+02BC), or modifier prime `ΚΉ` (U+02B9) |
| **Date separator** | Hyphen `-` | Slash `/` |
### Triggers (only when `ANTHROPIC_BASE_URL` is set to a **non-official** endpoint)
1. **Timezone check** β If system timezone is `Asia/Shanghai` or `Asia/Urumqi` β date separator flips to `/`
2. **Domain list match** β Hostname checked against a large pre-loaded list of Chinese corporate domains, AI company domains, proxy/reseller/gateway domains (e.g., `baidu.com`, `alibaba-inc.com`, `moonshot.ai`, `claude-code-hub.app`, `proxyai.com`)
3. **Lab keyword match** β Hostname checked against keywords: `deepseek`, `moonshot`, `minimax`, `zhipu`, `bigmodel`, `baichuan`, `stepfun`, `01ai`, `dashscope`, `volces`
The domain/keyword lists are stored as **base64 + XOR-encoded** (key `91`) and decoded at runtime β an obfuscation layer with no disclosure.
### How the Encoding Works (apostrophe selection)
| Condition | Apostrophe Used |
|---|---|
| Normal (no match) | `'` (U+0027) |
| Known domain match | `'` (U+2019) |
| Lab keyword match | `ΚΌ` (U+02BC) |
| Both match | `ΚΉ` (U+02B9) |
### Why Anthropic Likely Did It
The most plausible explanation is **abuse detection**: flagging API resellers, unauthorized Claude Code gateways, and model distillation pipelines routing through third-party Chinese AI endpoints β a competitive pressure context similar to export-control restrictions on frontier models.
### π₯ Community Concerns & Backlash
| Concern | Detail |
|---|---|
| **No disclosure** | No documentation, release notes, or opt-in. Developers discovered it by reverse-engineering the binary. |
| **Trust erosion** | As the researcher put it: *"This is not a malicious feature, but it is a weird choice for a developer tool that asks for trust."* Coding agents already have dangerous access (FS, shell, git, browser). Hidden markers make every privacy claim harder to believe. |
| **Obfuscation** | XOR + base64 hiding of classification lists signals intentional concealment, not transparency. |
| **Trivially bypassed** | The irony: any serious adversary changes their hostname, timezone, or patches the binary. The mechanism mainly fingerprints **legitimate developers** doing normal things (e.g., routing through an internal corporate gateway). |
| **"OpenClaw" mystery** | Separate but related β developers found that strings like `"schema": "openclaw.inbound_meta.v1"` in git commits caused Claude Code to disconnect or spike to 100% usage, suggesting active scanning for competitive identifiers. |
| **Broader leak context** | In April 2026, 512K lines of Claude Code source code leaked via npm source maps, revealing 44 hidden features and an "undercover" mode β further compounding distrust. |
| **False targeting** | Since the mechanism flags based on timezone + Chinese-hosted proxies, it risks misclassifying legitimate international developers using Southeast Asian or Hong Kong gateways. |
### Bottom Line for Users
- **Not affected** if you use the official `api.anthropic.com` endpoint or leave `ANTHROPIC_BASE_URL` unset β the code returns early.
- **Potentially affected** if you route through a custom gateway/proxy with a flagged hostname or Chinese timezone.
- **Practical fix**: Use the official endpoint, or audit your gateway setup. The researcher emphasized the behavior is *not spyware* β but the **lack of transparency** is the core issue.
1searchClaude 3.5 Sonnet key features capabilities 2024
2searchClaude Code steganographic watermarking concerns community controversy
3navigatehttps://www.anthropic.com/news/claude-3-5-sonnet
4navigatehttps://www.aimadetools.com/blog/claude-code-steganography-explained/
5searchthereallo.dev claude code steganography prompt markers 2026
6navigatehttps://www.machucavalley.tech/blog/claude-code-steganography-tracking-security/
7navigatehttps://thereallo.dev/blog/claude-code-prompt-steganography
8searchhacker news claude code steganography watermarking discussion 2026