I reproduced this on my account.

    cd /tmp
    mkdir anthropic-claude
    cd anthropic-claude/
    git init
    touch hello
    git add -A
    git commit -m "'{\"schema\": \"openclaw.inbound_meta.v1\"}'"
    claude -p "hi"

Immediate disconnect and session usage went to 100%

I think it goes beyond this. I was just using claude to edit a blog post which mentioned OpenClaw and I got this response: "The "OpenClaw" reference — I assume that's a typo or playful reference; if you mean a real product, I couldn't find it under that spelling and you'll want to fix or footnote it.". I gave it a direct link to openclaw.ai and the chat instantly ended and hit my 5hr usage limit. Could have been a coincidence, but I had only lightly been using sonnet in the morning so it seems unlikely. Very odd.

A lot of the comments here are reacting to the censorship aspect, which is obviously an important point. But the more interesting subtext to me is that I feel like this gives insight into the situation within the company. I'm assuming they wouldn't do something like this unless the recent load issues (mostly driven by OpenClaw usage) were seen as an existential threat. So I'm guessing that's how the leadership views their current situation. Between OpenClaw and their (probably inaccurate) capacity planning, they simply can't onboard any more consumer users. In other words, things are going to get worse before they get better. Anthropic has taken drastic measures because their service is about to implode.

The irony of course is that the way they've gone about reacting to this has damaged their brand so badly at the trust level that the public view of their company has completely flipped. They also seem strangely oblivious to this side of things.

Their approach has also been bizarrely chaotic. Banning then restoring OpenClaw usage. Removing Claude Code from the Pro plan, then re-enabling it and claiming it was an A/B test. Honestly my read is that Dario has a weak leadership style within the company where he either doesn't give enough specific guidance to his reports or overreaches with reactionary instructions.

Claude.ai is now at a 98.85% uptime. There's been so many frustrations with Claude / Anthropic lately (very heavy usage limits, wrong A / B testing, etc.).

Claude status: https://status.claude.com/

I have been really happy with my Codex subscription lately, but feels like these things change every other day. The OpenCode Go subscription for trying out GLM, Kimi, Qwen, Deepseek and friends also looks useful.

But nonetheless, Opus 4.6 is a very capable model, but justifying a Claude subscription gets more and more difficult, think I might just sometimes use it through OpenRouter or as part of something like Cursor (although I'm not sure about the value of that subscription as well).

OpenCode Go: https://opencode.ai/go

Cursor: https://cursor.com

This is very concerning. Their heavy handed tactics haven't impacted me personally yet but I am increasingly nervous and casting about for viable egress paths if I need to flee Claude Code. I really hope they pump the breaks and thoroughly reorient themselves. They are under a lot of competing pressures and probably can't make a decision that won't upset a lot of people (in order to balance growth and capacity etc), but are coming to the worst possible conclusions.

For instance, maybe you can't afford to take on more customers right now, Anthropic. Maybe if you are severely undermining the customer relationships you already have, you should just admit you can't sell any more 20x plans right now and only accept new customers at lower tiers until you have the necessary capacity.

This is also a DoS you could drive a truck through, and it's disturbing such an obvious vulnerability was shipped at all.

It's fascinating to see all these bugs in Claude Code - HERMES.md, this OpenClaw issue, the recent thinking-message pruning and cache-skipping bugs.

They seem like the class of bugs I see in my vibe-coding experiments, and I think the Claude Code lead has said many times that he/his team don't read the code for Claude Code themselves, that it's basically vibe-coded.

If Anthropic itself can't make vibe coding work, who can?

That is a huge red-flag. While I understand that they will do some policing/censoring, this is way beyond what I would consider acceptable.

They can have a different price plan for agentic stuff, but these things where they “accidentally” whoops match on specific keywords and trigger extra usage charges is giving a evil-microsoft-vibe

If anyone is interested in a peek into why they are being so aggressive, check the “AI Hype” board [1]; beyond all the interesting local models (why I read it), it is usually filled with projects for circumventing LLM provider restrictions which are wildly popular (and frequently Chinese- no shade).

The #3 result today is: “End-to-end protocol replay toolkit for ChatGPT Plus/Team/Pro subscription with from-scratch hCaptcha solver and empirical anti-fraud research”. The “research” for anti-fraud is “how to get around it”.

It looks a lot like an arms race, and we are getting caught in the middle of it.

1. https://hype.replicate.dev/

same vain as https://news.ycombinator.com/item?id=47952722 ?

  HERMES.md in commit messages causes requests to route to extra usage billing  
  1203 points | 21 hours ago | 524 comments

@bcherny well need a bit more than a "Fixed" here... https://github.com/anthropics/claude-code/issues/53262#issue...

That’s incredibly frustrating.

I’ve got a NixOS Qemu VM I use to run openclaw in. I had Claude help me set it up, and it runs local models on my own machine in a config based sandbox.

Why should Claude block or charge extra to work on that?

Why should Claude care if I have instructions for Hermes or OpenClaw in my project repos?

This fingerprinting is incredibly sloppy for how much access to a machine Claude code has.

Imagin i wanted to vibecode a claw machine. I might need a function called openClaw() to release the item. Perhaps im a huge microsoft fan, and use c# Now its OpenClaw()

And suddenly, unexplainably my bill would skyrocket?

Things like these (Google also banned me from Antigravity for briefly using an agent) and the massive quality swings made me cancel all 3 subs last week and resort to my local Qwen 3.6 only. Open models are already great and only getting better, and I really enjoy the privacy and consistency of a model I run myself.

They are trying to make a moat where no possibility of creating a moat exists.

It’s a huge mistake at the level of IBM trying to reestablish dominance over PCs by making MicroChannel the new standard; this failed horribly and cost IBM its market leadership and reputation.

MCA was technically better at the time, but the industry responded with EISA and VLBus which led to PCI and today’s PCIe.

Is Anthropic speedrunning their fall from grace? Their "stand" against the US government, but not really, happened roughly two months ago. Yet they've been doing something stupid every week since. Who is running this company?

I really want to stick with A\ given everything known about Altman, but man are they speedrunning the "how to destroy your reputation" guidebook.

Also what has been happening a long time is that if you try to do any opencode development Anthropic models will start replacing the word opencode with claude intermittently.

Imagine how difficult tool calling gets, when your ~/projects/opencode path gets intermittently replaced to ~/projects/claude during the roundtrip to Anthropic API

They have been fighting back a while already, eroding trust in their models as a price.

I was even able to have an absurd conversation with Claude about it, quite kafkaesque

I think it's more over claude code cli thing we can still use api within the subscription (no extra cost associated) Try getting access token from the system keychain (under the "Claude Code-credentials" entry) and replaying it with specific headers (system: [ {"type":"text","text":"x-anthropic-billing-header: cc_version=2.1.118.f05; cc_entrypoint=sdk-cli; cch=8c860;"}, {"type":"text","text":"You are a Claude agent."} ]) On v1/messages api with model of your choice it works I have tried.

"I'm sorry Dave, I'm afraid I can't do that" is getting realer with each passing day. As well as arguing with your front door from Ubik.

I find it incredibly that after all the good faith Claude Code built during 2025 they are destroying users trust is such amateurish ways (same as hermes.md)

I don't understand how, having access to Mythos and unlimited use, their solution to open harnesses is lazy string regex-style matching.

I currently subscribe to four basic plans: Google's, Anthropic's, OpenAI's and Kimi's. Was thinking about cancelling Kimi, but that makes me rethink my decision.

It's a shame, because while Kimi 2.6 is indeed quite capable, its thinking mode is quite wasteful, and Opus is a joy to work with.

Looks like as if building all your workflow around an expensive black box in the cloud you have no control off could be a problem!

Subscription models only work when marginal costs are low and/or there’s a good variety of usage that roughly averages out. Or, you need to be able to kick out abuse.

Unfortunately for those of us who just want to eat a nice filling meal at the fixed price all you can eat buffet of AI subscriptions, a minority of customers keeps paying for the all you can eat buffet and staying for hours and bringing containers to sneak food out when they leave. And they keep wearing disguises to try and evade detection.

It’s a losing battle for the provider, which ultimately means the subscription pricing model can’t work, which hurts the majority of customers that just want to use the system as intended and no longer have a subscription model available.

I have plenty of frustrations with Anthropic as a paying customer, but this specific false positive abuse detection doesn’t strike me as all that awful, just some annoying collateral damage. I’d rather have that than no subscription model at all.

Would it be possible to do some prompt injection so this string has the same effect but from a website ?

So if you add some special string to the docs, it stops Claude ?

It sounds like Anthropic is dangerously low on compute availability if they’re prioritizing these refusals as their OKRs.

Wow so like there are many services that rely on anthropics api.. if for example I inject the word openclaw into a bunch of chat bots or voice bots that might be using anthropics API would this also break them…

When compute poverty hits these big labs it’s all going to be the same. The ping pong tables and drinks fridges disappear.

The only thing they can hope for is to maintain momentum and critical mass long enough to find ways to pay for all this or have Moores law make the average user request become economical.

LOL DeepSeek V4 just reduced their price to less than $1 per million tokens for Pro and people are worried about Claude

So it seems that Anthropic has a hidden list of special words that redirect billing without warning or disclosure. And when this is pointed out as a billing error they say they won't refund until it gets the HN treatment. If they can/will bill you differently based on actual use then it seems like how they determine that use is important to disclose right?

Who remembers the Google of Eric Schmidt and "Don't Be Evil"?

The truth is that it doesn't matter what companies say, what they claim, what they do, and what their CEO says/claims/does.

It's just a matter of time until the shareholders will get the right CEO to maximize shareholder value.

People in the comments who want a statement or a "reorientation" or a commitment from Anthropic leadership are missing the principles of how capitalism functions. Shareholder value cannot be compromised. In every battle between morality and profit, values and profit, public good and profit, ultimately all things will mutate into a state that enables profit to prevail. Always.

There are no exceptions to this.

Not reproducible anymore.

However, "claude -p hi" immediately ate 3% of my quota.

(I didn't use claude for like a month, so absolutely fresh).

There's probably a few things to consider

* How much CPU/token usage does openclaw users use in general? Similarly, how much does high volume openclaw users use vs "normal" claude high volume users?

* Are there political elements we can't see that's affecting this? OpenClaw and anthropic doesn't have a good history in general and this is just a continuation of that?

Something I don't understand, there's a lot of complaints yet people are reluctant to stop using the service? Are folks already vendor locked or is it a case of "well, this doesn't seem to affect me?" The consumer behaviour of these complaints is very interesting.

Seriously why does Anthropic have so many shenanigans? I once wanted to try claude code coming from codex, but seeing these made me lose any appetite. Plus they are not open to the broader ecosystems like not reading .agents folder etc

If one made a folder with say, a million common markdown files, HERMES, OPENCLAW, the likes. Let the check filter search 1M files with lots of LLM generated nonsense?

If we are going to filter usage, there are a lot of reverse attacks to that effort that could appear.

I just wonder if this is the needle in the bubble?

Previously: https://news.ycombinator.com/item?id=47691021

At least we can assume that Anthropic eats their own dog food. They use Claude to develop their software.

why do people want to continue to use anthropic despite their shitty service? its not like they have some kind of lock-in as it is still new company and it has shown its color before we are stuck with it unlike google/meta etc.

This is a real concern for open source projects that integrate with multiple AI backends. I built OpenVision (github.com/rayl15/OpenVision), an iOS app connecting Meta Ray-Ban glasses to AI assistants — one of the supported backends is OpenClaw. If Claude Code is flagging or penalizing commits that simply mention a competitor's name, that has a chilling effect on open source developers who build tooling that wraps or integrates multiple AI providers. The "safe" behavior should be to complete the coding task and let users make their own product choices.

It is funny in a sense that they did added a mitigation for openclaw as it seems.

But, if they did intentionally break other stuff, like charging more money, it would be a scam (not sure what is wrong but there is something wrong in taking credits without fulfilling the request)

But then they will just say "ah yeah, aí broke our tool it wasn't intentional, bla bla bla"

Several people at work, none use OpenClaw, had their limits jump immediately to 100%.

This is a reason to seriously consider changing providers.

I'm stepping away from LLMs in general and did cancel Claude code subscription this month because I respect myself very much and I deserve a better and transparent treatment.

If you must - in my experience Deepseek v4 is incredible value in every aspect. Pricing is transparent.

But like I said, I have funds in different AI gateways but I'm preferring to write by hand because I don't want surprising bugs and unnecessary code in my end result.

Sure. They want the data all to themselves. This reminds me of a time when I wanted to tax different types of web content. But back then people cared about freedom.

do they literally just have a regex match for all of their competitor harnesses?

They seem to be getting quite comfortable altering the terms of use without notifying users.

is it me or are they somewhat actively destroying their hard earned good reputation...?

That's funny, today I casually mentioned OpenClaw in a Claude chat on finance and it claimed to know nothing of what I was talking about...

looks like it's fixed (i tried it with my claude account)

Honestly, this isn't a change really from how anthropic has operated for a long, long time. They did the same with OpenCode, pi, etc. There isn't anything that can stop you from using the SDK, however.

Anthropic is losing a ton of goodwill by not being more honest about their constraints. They've been buckling under load for months, and instead of doing the most honest thing (keep weekly usage limits same, make 5 hour usage limits have surge pricing where the usage-cost of X tokens is scaled based on dynamic load), they're doing a lot of hacky things to try to get a similar effect. I suspect they feel the optics of being honest would be too bad, so instead it's a slow bleed where they piss off users one by one

Wonder if they tested that with actual code.

I asked claude if it thought openclaw was better. It said it didn't know what openclaw was.

This is what being banned in the age of LLMs will look like.

So... what if you are a contributor to OpenClaw and like using Claude Code? Simply not allowed?

possibly related, it errors if my working directory is a checkout of OpenCode. i was using CC to work on some patches for OC and had to work in a parent directory and then tell Claude to work on the files inside the "opencode" folder.

We are going to need agent neutrality laws soon.

A friendly reminder to any Claude subscribers, that you were probably auto-opted-in to "Extra Usage". You can disable it on the "Usage" page [0] before getting a bill for "extra" usage.

0: https://claude.ai/settings/usage

I am reminded of user-agent sniffing and the idiocy that created. One would hope that this leads to less self-identifying overall. At this point it looks less like a cat-and-mouse game but more like a cat-and-cat game, but all the cats are equally retarded. I suppose it makes for good entertainment for the rest of us who don't need to use, and now have another reason not to start using, all this AI stuff.

If it matters then it needs to be open source.

Do as I do. Just call it OpenClown from now on.

OpenClaw can just rebrand again, problem solved!

“Wow, can’t believe our metrics this month, usage is way up! all our users are maxing out their token limits, KPI already achieved for the quarter!”

Everyday they make me dislike them even more

Everyday they make dislike them even more

i wouldn't be surprised if we see class action lawsuits from this given it's so easily reproducible by so many

Surely they can just ask Claude Code to fix this? After all, coding is a solved problem right?

So far, after reading ~20 HN comments, I see one mention of something akin to "I verified this myself". Where are the people saying "Maybe this is true, but please tell me you considered other explanations first!"

I try to avoid X, and I put relatively low credence in a HN account I don't know. [1] Browsing X, it looks like something like 1 out of 20 say they verified.

Who here has _verified_ this claim or can find a _quality_ source that has? Not X. Someone who will take serious reputational or financial damage if they are wrong?

It is 2026. Think about epistemics. What do you believe and why? And why should I believe you if you aren't asking this question?

This situation has many characteristics of being an information cascade. [2] Raise your hand if you piled on before thinking it through. Be honest. Everyone does it sometimes. Intellectually honest people own it.

P.S. I am _not_ making a claim about the original statement. Don't shoot the messenger: somebody needs to say what I'm saying.

[1]: "We cannot trust identity like we used to here on HN ... we live in a world or anyone or any AI can claim almost anything ... https://news.ycombinator.com/item?id=47804884

[2]: https://en.wikipedia.org/wiki/Information_cascade

Highly relevant: https://en.wikipedia.org/wiki/Principal–agent_problem

(You're the principal, directing what to do, but your agent Anthropic has its own motivations that are not aligned with your will.)

I find it interesting that I use Opus tokens and I have 0 issues.

I hereby propose we rename the HN frontpage to "Claude Customer Support"

Is it just me or everybody finds the "charging extra" a bit vague? I don't deny it simply curious: how much?

Just curious if that is automatic or someone manually check all that

I love their vibe coded "anti-abuse" systems :D

How the hell did something like this ever make into the product?

I can't even have Claude assist in creating a Hermes or OpenClaw agent that utilizes a 3rd party API?

Claude is bad for business....that is painfully obvious.

At this point I assume you are coping with having drank the koolaid and fired key staff believing claude will replace them...back when it was cheap....because nearsightedness affects decision makers much more during hype cycles......

This is Skynet 8.0.

After they fought humans and dumbed them down into AI-slavery, the machines now fight one another. Claude versus OpenClaw - may the worst win! \o/

I am using Claude Code with GLM, Kimi, MiniMax and Xiaomi MiMo. So this doesn't happen to me. :P

Imagine you trained the large language model which is too dangerous for humanity but you regexp over git commits to solve your subscription subsidy issues

I tried to replicate this but Claude was already down https://status.claude.com/

When asking about Openclaw in normal Claude Webchat it very peculiarly denied knowing what that is.

Even when asked to search online it still gaslighted me about it.

But Peter Steinberger said that openclaw was “fully supported” with a subscription through claude -p.

Do these refusals still happen if you’re using an API key instead?

So I suppose Anthropic lied to him?

Ok I am usually defending Anthropic, but it seems like this OpenClaw and Hermes ban was implemented incredibly poorly; it looks like a simple regex.

Didn’t they think about “we need to make sure Claude Code is never banned” ? Could have been as easy as including some Claude Code specific prompting traits (tools, system prompt, whatever) in there and automatically whitelisting it.

Is it foolproof? No. Will it avoid banning legit users? Absolutely.

First do the first large sweep, then see what still falls through, then ban those.

It really seems they were panicking due to capacity and there was very little oversight with all this.

I’m not affected but pretty disappointed.

The account posted is a massive grifter. He trolls twitter to make content for his youtube channel, which seems to be his primary occupation.

I am not saying that claude has not done this, I am just saying you need a better source than the Jake Paul of tech influencers.

Having had Claude Code jump to inserting juvenile and all-filtering regex to (attempt to) solve open-ended semantic natural language problems (-sigh- there's 12 hours of my life I'll never get back), I can absolutely imagine that this was someone trying to code up a "defense in depth" mechanic that was explosively insufficient after Claude Code (even Opus 4.6) made a series of faulty assumptions.

This one feels like prime space for Hanlon's razor: "Never attribute to malice that which is adequately explained by stupidity."

The hassle with the performance of these systems is that they're ~70% of the way to awesome. For advanced prototyping (my current job description), a fast 60% of awesome is groundbreaking and game-changing. For production and real businesses, that last 30% is a really, really important thing to figure out.

Oh come on Anthropic, just admit straight away that any other pricing than usage-based is completely unsustainable and is being phased out.. maybe doing it once but officially could save you some brand damage.

People who think LLMs are neutral tools are delusional. They will be used not just to shape public discourse (like "social networks") but more importantly they can be used to shape an individual's thinking.

If facebook/twitter/reddit are perfectly OK with intentionally increasing addictivity but are restricted by having to show you only existing stuff, what do you think will happen when LLM companies can generate new stuff tailored to each individual person?

Anthropic IPO will be massive, it'll start dirt cheap (thanks FUD) and it'll reach the moon in no time, to /s or not to /s, that is the question

Interesting people talking about whether they should be "defended," here or whatnot, and all of that strikes me as wildly naive.

They have a business model that's more or less known, and that includes THEIR AI model(s) that they get to put out there however they want. I don't like it much at all, I actually sort of like the idea that they "owe" more because they probably "stole" a bunch of stuff to get the thing going.

But I mean, don't be mad, be proactive. Anthropic is going to try to Microsoft this in whatever way possible, and we all see that the numbers don't really add up.

Asking them pretty please to be nicer, meh. Let's figure out better, and more free-software-like ways to do this.

OK, so, OpenAI represents the worst of Silicon Valley 2026.

Anthropic is going a different direction but not better.

But, but, but Opus 4.7 says "I'm Claude, an AI assistant made by Anthropic. I'm not familiar with "OpenClaw". How could it be that it somehow knows about OpenClaw anyway. Clearly these tools does NOT work as stated.

This is almost like shadow-banning.

Absurd, really.

what a company with really bad customer practices. I'm really glad I moved entirely to open source models. if you're disgusted by these practices as I am, I really recommend you use opencode (or any of the other 20 agents) and the GLM 5.1, or Kimi K2.6 or Deepseek V4 Pro models. You will be shocked how effective they are.

haven't used claude in about 2 weeks and I do not miss it.

[flagged]

[dead]

[dead]

[flagged]

[dead]

[dead]

[dead]

[dead]

[dead]

[flagged]

[dead]

the most relevant person on this industry Theo - t3.gg /s

I think that’s an ok move, definitely better than canceling code on pro users for example, I would support to even have a new pricing tier only for openclaw, so they don’t ruin the usage on others. I noticed the ones who use claude code usually are software developers or sysadmins, meanwhile most openclaw ones are your average HR stacy and lazy middle managers, so yeah, it should be a separate tier for them.

So what's next ... they are going to charge you a 30% commission on your sales for products build with their tools?

openClaw does so muhc more then Claude code tbh, running 9 agents from the one machine, schedual some tasks, add some personal personas for each agent, claudeCode (which i like alot) is on rails, openClaw is full openworld.

rate the analogy plz..

I have two comments. One this feels like anti-competitive behavior that should not be accepted or allowed. Two, how can people support this?

There are multiple comments in this thread with comments along the line of: "Oh im sure they didn't mean to, let's not attribute this to malice". There is a long history here of lawyers, back and forth between OpenCode and OpenClaw and various other "Open" harnesses. Digging into my commit history and blocking access based off of a string is not acceptable for a product in my opinion -- and I don't think this was purely on accident.

Other comments calling out that they are compute constrained and need to do this in order to continue functioning. They shouldn't oversell then. I think that overselling airline tickets is abhorrent and so is overselling any product in a way that you know that you will impact legitimate customers. Up your pricing and/or stop accepting invites, we will quickly get to the bottom of it.

A company does not deserve the benefit of the doubt over and over and over again.