Claude is listening

This recent blog post from Anthropic is notion­ally about a cyber espi­onage operation, but it has a shadow subject, too: the revelation, or maybe just the reminder, that Claude Code is recording every­thing you do and saving it on a far-off server.

The post begins:

In mid-September 2025, we detected sus­pi­cious activity that later inves­ti­ga­tion deter­mined to be a highly sophis­ti­cated espi­onage campaign.

There’s an inter­esting eli­sion in that introduction, and throughout the larger report: how did Anthropic detect this operation?

The answer, of course, is that they record every­thing, for either five years or 30 days (the minimum). But here is a wrinkle:

We retain inputs and out­puts for up to 2 years and trust and safety clas­si­fi­ca­tion scores for up to 7 years if your chat or ses­sion is flagged by our trust and safety clas­si­fiers as vio­lating our Usage Policy.

In all cases, we may retain chats and coding ses­sions as required by law or as nec­es­sary to combat vio­la­tions of our Usage Policy.

The larger report basi­cally nar­rates a set of Claude Code prompts. The thing to notice, therefore, is that Anthropic could nar­rate your Claude Code prompts just as easily. Not that they would! You cer­tainly aren’t trying to hack anyone!

And yet.

If the sur­veil­lance site was plain old Claude, the web app, I sup­pose I wouldn’t be surprised; in 2025, the con­sumer web par­a­digm car­ries the assump­tion of rav­enous uni­versal telemetry. So it’s the Claude Code angle that feels, to me, jarring. I am not yet accus­tomed to having my com­mand line monitored.

One wonders, naturally, about the fuzzy edges of those trust and safety clas­si­fiers; about the kinds of code, the kinds of work — political work, maybe — that might lift a half-baked pro­gram out of the anony­mous mass.