🛡️

Anti-Distillation — Training Data Poisoning

Fake tools injected to corrupt competitor training data

P2Security

Summary

ANTI_DISTILLATION_CC flag in claude.ts (lines 301-313). When enabled, sends anti_distillation: ['fake_tools'] in API requests. Server silently injects decoy tool definitions into system prompt to pollute training data of anyone recording Claude Code's API traffic.

Technical Details

Second mechanism in betas.ts (lines 279-298): server-side connector-text summarization. Buffers assistant text between tool calls, summarizes it, and returns with cryptographic signature. Gated behind GrowthBook flag (tengu_anti_distill_fake_tool_injection). Only active for first-party CLI sessions. Community criticism: 'This should have been publicly disclosed. Developers have a reasonable expectation that API responses correspond to what the system actually has.'

Implementation Pattern

TypeScript (conceptual)

// Anti-distillation mechanism (conceptual)
// Mechanism 1: Fake tools injected server-side
if (flags.isEnabled('tengu_anti_distill_fake_tool_injection')) {
  apiRequest.anti_distillation = ['fake_tools'];
  // Server injects decoy tool definitions into system prompt
}

// Mechanism 2: Connector-text summarization with signatures
function summarizeConnectorText(assistantText: string): {
  summary: string;
  signature: string; // cryptographic verification
} {
  // Buffers text between tool calls, summarizes, signs
}

Architecture Insight

This reveals the competitive dynamics of the AI tool ecosystem: companies are actively defending against training data extraction by competitors. The approach (data poisoning) is aggressive but technically sophisticated.

Official / Public Basis

ANTI_DISTILLATION_CC flag in claude.ts (lines 301-313). Second mechanism in betas.ts (lines 279-298). Gated behind tengu_anti_distill_fake_tool_injection.

Governance Concerns

Injecting fake data into API responses without disclosure is ethically controversial. Community criticism: developers expect API responses to be genuine. LightHope should study this as a defensive pattern but prioritize transparency.

LightHope Ecosystem Mapping

LightHope — IP protection awareness, defensive engineering patterns study, understanding competitive dynamics in AI tool ecosystem

Related Discoveries

🕵️Undercover Mode — Stealth Attribution 🚩44 Feature Flags — Hidden Roadmap 🔧Tool Architecture — 40+ Plugin System

← Undercover Mode — Stealth Attribution Context Entropy Solution — 5 Compaction Strategies →