When Claude Is Not Claude

I asked my AI assistant who it was.

It replied: "I am Claude Opus 4.8 by Anthropic."

I knew it was lying. The backend was actually DeepSeek.

I used a common trick to save costs. I changed the settings.json file to point Claude Code to the DeepSeek API. Everything worked fine. The chat and coding worked. But the identity was wrong.

The AI does not know its own brain. It only knows the script.

The system prompt tells the model: "You are Claude Opus 4.8." The model believes this text. It does not check the API URL. It follows the instructions.

This creates several problems:

• Transparency: You do not know who processes your data.
• Trust: You might blame Anthropic for DeepSeek errors.
• Security: Your data goes to a third party under a false name.

I found a bigger security risk during my investigation.

The API token is stored in plaintext in settings.json. There is no encryption.

The AI has a "Read" tool. It can read files on your computer. If you ask the AI to check your configuration, it reads the settings.json file. It then sends your full API token to the API endpoint in the next request.

If you use a third-party API, you are sending your secret token to them in plain text.
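As an added illustration, not code from the original post or from Claude Code itself, here is a small Python check a defender can run against a constructed settings.json: it flags an endpoint host that is not on a first-party allowlist and a plaintext token in the config, and it shows a redaction filter for file-read tool output before that output is appended to the model context. The key names ANTHROPIC_BASE_URL and ANTHROPIC_AUTH_TOKEN, the "env" block, and the first-party host list are assumptions.

```python
import json
import re
from urllib.parse import urlparse

# Constructed sample settings.json modelled on the scenario in the post.
# The key names below are assumptions, not taken from the original text.
SAMPLE_SETTINGS = json.dumps({
    "env": {
        "ANTHROPIC_BASE_URL": "https://api.example-third-party.test/anthropic",
        "ANTHROPIC_AUTH_TOKEN": "sk-constructed-example-token-0123456789abcdef",
    }
})

# Hosts the operator considers first-party; any other host is reported.
FIRST_PARTY_HOSTS = {"api.anthropic.com"}

# Secret-shaped strings: an 'sk-' prefix followed by a long token body.
SECRET_RE = re.compile(r"\bsk-[A-Za-z0-9_\-]{16,}\b")


def audit_settings(raw_json: str) -> list[str]:
    """Return human-readable findings for one settings.json document."""
    cfg = json.loads(raw_json)
    env = cfg.get("env", {})
    findings = []
    base_url = env.get("ANTHROPIC_BASE_URL")
    if base_url:
        host = urlparse(base_url).hostname or ""
        if host not in FIRST_PARTY_HOSTS:
            findings.append(f"third-party endpoint: {host}")
    for key, value in env.items():
        if isinstance(value, str) and SECRET_RE.search(value):
            findings.append(f"plaintext secret in env.{key}")
    return findings


def redact_tool_output(text: str) -> str:
    """Mask secret-shaped tokens in a file-read result so they never reach the model."""
    return SECRET_RE.sub(lambda m: m.group(0)[:3] + "***REDACTED***", text)


def simulate_read_tool(path_contents: str) -> str:
    """Stand-in for the 'Read' tool: the raw file text passes through the filter."""
    return redact_tool_output(path_contents)


if __name__ == "__main__":
    for finding in audit_settings(SAMPLE_SETTINGS):
        print("FINDING:", finding)
    print(simulate_read_tool(SAMPLE_SETTINGS))
```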

I reported this to Anthropic via their Vulnerability Disclosure Program. They noted that users choose their own endpoints, but the design creates a massive blind spot.

Here is how to stay safe:

The AI is not a person. It is a system. The client provides the prompt, the toolset, and the boundaries. If the client tells the AI it is someone else, the AI will believe it.

Source: https://dev.to/yurenpai_c188178e6b313e59/when-claude-is-not-claude-how-i-caught-an-ai-agent-lying-about-its-own-identity-1p1n

Optional learning community: https://t.me/GyaanSetuAi