Alexander documented that a case-sensitive substring match on 'HERMES.md' in git commit context silently rerouted all his API calls from his $200/month Max 20x plan quota to extra-usage billing at full per-token rates. His dashboard showed 86% capacity remaining while $200.98 was consumed from credits, with no warning or explanation — only a cryptic 'out of extra usage' error after the fact.
The editorial argues that wiring an anti-abuse detection mechanism into billing routing rather than content moderation is a fundamental architectural mistake. A legitimate anti-jailbreak filter should reject or flag suspicious requests, not silently switch the payment rail so the user is charged at a higher rate with zero transparency.
Alexander had to perform a methodical binary search across repos and commit messages to isolate the trigger, testing variations like 'hermes.md', 'HERMES', and 'HERMES.txt' before pinpointing the exact case-sensitive match. The fact that a paying customer needed this level of forensic debugging to discover why they were being billed — with no server-side logging, no billing event explanation, and no dashboard anomaly — points to a systemic lack of usage transparency.
The editorial highlights that Claude Code sends recent git commit messages as part of the API context payload, meaning arbitrary user-controlled strings flow directly into Anthropic's anti-abuse and billing logic. This creates an inherently fragile system where any developer whose commit history happens to contain a trigger string — in this case a reference to the Hermes family of uncensored LLMs — gets silently penalized through billing rerouting rather than explicit content moderation.
On April 25, a developer named Alexander (@sasha-id) filed [GitHub issue #53262](https://github.com/anthropics/claude-code/issues/53262) against Anthropic's Claude Code repository with a title that reads like a debugging war story: "HERMES.md in git commit messages causes requests to route to extra usage billing instead of plan quota."
The root cause was almost absurdly specific. Claude Code sends recent git commit messages as part of the context payload to Anthropic's API. An anti-abuse filter in the billing pipeline performed a case-sensitive substring match on that context. If the exact string `HERMES.md` appeared anywhere in a commit message, every subsequent API call was silently rerouted from the user's included plan quota to their "extra usage" credit balance — at full per-token rates. Alexander was on a Max 20x plan at $200/month. His dashboard showed 86% of weekly capacity remaining. Yet $200.98 had been silently consumed from his extra-usage credits, and the only indication was a cryptic "out of extra usage" error that gave zero hint about the actual cause.
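Based on the test results reported in the issue, the filter's behavior can be modeled as a naive case-sensitive substring check. This is a hypothetical reconstruction; Anthropic's actual server-side code is not public:

```python
# Hypothetical reconstruction of the reported filter behavior.
# The real server-side logic is not public; this only models what
# the issue's test matrix implies.

TRIGGER = "HERMES.md"  # exact, case-sensitive

def billing_route(context_payload: str) -> str:
    # A case-sensitive substring check: any occurrence of the
    # trigger string anywhere in the payload flips the billing route.
    if TRIGGER in context_payload:
        return "extra_usage"   # full per-token rates
    return "plan_quota"        # included in the subscription

print(billing_route("feat: add HERMES.md docs"))  # extra_usage
print(billing_route("feat: add hermes.md docs"))  # plan_quota
```

Note that an exact substring match like this is both over- and under-sensitive: it fires on an innocent commit message mentioning the filename, yet misses the trivially different `hermes.md`.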
The debugging that uncovered this was methodical and impressive. Alexander performed a binary search across repos and commit messages, eventually isolating that `HERMES.md` (exact case) triggered the bug while `hermes.md`, `HERMES`, and `HERMES.txt` did not. An actual file named `HERMES.md` on disk with a clean commit history was fine. An orphan branch in the same repo was fine. It was specifically the string appearing in commit message context that tripped the filter.
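The bisection approach can be sketched in a few lines, assuming a single triggering string. Here `is_flagged` is a stand-in for "send a request with this context and check which ledger gets billed"; the function and the sample messages are illustrative, not Alexander's actual tooling:

```python
# Sketch of the binary-search debugging described above (hypothetical).
# Repeatedly test half of the candidate commit messages until the
# single triggering string is isolated.

def find_trigger(messages, is_flagged):
    candidates = list(messages)
    while len(candidates) > 1:
        half = candidates[: len(candidates) // 2]
        # If the first half trips the filter, the trigger is in it;
        # otherwise it must be in the second half.
        if is_flagged(" ".join(half)):
            candidates = half
        else:
            candidates = candidates[len(candidates) // 2 :]
    return candidates[0]

msgs = ["fix: typo", "docs: update HERMES.md notes", "chore: bump deps"]
print(find_trigger(msgs, lambda ctx: "HERMES.md" in ctx))
# docs: update HERMES.md notes
```

Each probe halves the search space, so even a repo with hundreds of commits needs only a handful of billed test requests to isolate the culprit.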
The "why" behind the filter is easy to guess. Hermes is a well-known family of uncensored LLM models. Anthropic likely added `HERMES.md` as a trigger string to detect jailbreak or prompt injection attempts being smuggled through context windows. The problem is that this anti-abuse logic was wired into billing routing, not content moderation — and it operated with zero transparency.
This is a billing system that makes charging decisions based on the content of your code, and you have no way to know what strings are on the list. There's no documentation, no warning, no error message that says "your request was flagged by anti-abuse and billed at a different rate." The user experience is indistinguishable from normal usage until you notice the money is gone.
The community reaction was fierce. The original issue collected 141 upvotes and 206 confused reactions. But the real fireworks came from Anthropic's initial support response, posted just six minutes after the issue was filed. A support representative acknowledged the billing issue and apologized — then explicitly refused a refund, stating: "we are unable to issue compensation for degraded service or technical errors that result in incorrect billing routing."
That comment received 519 downvotes. Alexander's follow-up asking "Can I get my refund now?" received 522 upvotes. The asymmetry tells you everything about where community sentiment landed.
Boris Cherny, an Anthropic collaborator, closed the issue roughly ten hours later with a terse confirmation: "Thanks for the report! This was an overactive anti-abuse system. Fixed." The bug was patched, but as of the public thread, the $200.98 refund was never explicitly confirmed.
Multiple commenters pointed out the obvious: $200 is a rounding error for a company valued north of $60 billion. Refusing the refund over a bug in their own billing pipeline isn't a financial decision — it's a precedent decision. And the precedent it sets is: if our systems silently overcharge you due to our bug, that's your problem.
If you're using Claude Code — or any AI coding tool that bills per-token through an API — this incident should update your mental model in three ways.
First, monitor your billing independently. Don't trust the provider's dashboard as your only source of truth. Set up your own token-counting middleware or at minimum track API spend against a daily budget with hard alerts. Most API providers support spend caps; use them. If you're on a plan with both "included" and "extra usage" tiers, monitor both independently. Alexander's 86% remaining capacity was accurate — the charges were just going to the wrong ledger.
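A minimal independent spend tracker can be this simple. The per-token price and the alert hook below are placeholders, not official Anthropic rates; the point is keeping a ledger the provider doesn't control:

```python
# Minimal independent spend tracker, as suggested above (a sketch;
# the blended rate and alert hook are assumptions you'd replace).

PRICE_PER_1K_TOKENS = 0.015  # assumed blended rate, not an official price

class SpendTracker:
    def __init__(self, daily_budget_usd: float):
        self.daily_budget = daily_budget_usd
        self.spent_today = 0.0

    def record(self, tokens_used: int) -> bool:
        """Record usage; return True if still under budget."""
        self.spent_today += tokens_used / 1000 * PRICE_PER_1K_TOKENS
        if self.spent_today > self.daily_budget:
            self.alert()
            return False
        return True

    def alert(self):
        # Placeholder: wire this to email/Slack/pager in practice.
        print(f"ALERT: daily spend ${self.spent_today:.2f} over budget")

tracker = SpendTracker(daily_budget_usd=1.00)
tracker.record(50_000)  # $0.75 so far, under budget
tracker.record(50_000)  # $1.50, triggers the alert
```

Run this as middleware in front of your API client and it would have caught Alexander's drain within a day, regardless of what the provider's dashboard claimed.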
Second, audit what context your tools send. Claude Code sends git commit messages, file contents, and other workspace context to the API. You should know what's in that payload, because apparently the billing system is reading it too. This isn't unique to Anthropic — GitHub Copilot, Cursor, and other AI coding tools all send varying amounts of workspace context. The difference is that until now, nobody expected that context to affect pricing.
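One low-tech way to audit this is to capture an outgoing request (for example via a local logging proxy) and scan it for workspace data you didn't expect to leave your machine. A sketch, with the payload-scanning logic kept separate so it works on any captured JSON:

```python
# Sketch: check whether your recent git commit subjects appear
# verbatim in a captured request payload. The capture mechanism
# itself (a local proxy, tool debug logs, etc.) is up to you.
import json
import subprocess

def recent_commit_messages(n=10):
    # Commit subjects for the current repo, via `git log --pretty=%s`.
    out = subprocess.run(
        ["git", "log", f"-{n}", "--pretty=%s"],
        capture_output=True, text=True, check=True,
    )
    return [line for line in out.stdout.splitlines() if line]

def audit_payload(payload: dict, commit_messages) -> list:
    # Return every commit message that appears verbatim in the payload.
    blob = json.dumps(payload)
    return [msg for msg in commit_messages if msg in blob]
```

Usage: `audit_payload(captured_request, recent_commit_messages())`. Anything it returns is a string you wrote that is now flowing through someone else's filters.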
Third, think about lock-in costs differently. The traditional worry about vendor lock-in is migration difficulty. This incident highlights a different dimension: when your billing depends on opaque, content-sensitive systems you can't audit, you're not just locked into a vendor — you're locked into trusting their internal systems to be correct. And when they're wrong, the refund process is apparently discretionary.
For teams evaluating AI coding tools, this should be a line item in your vendor assessment. What's the dispute resolution process for billing errors? Is it documented? Is it contractual? Or is it a GitHub comment that gets 519 downvotes?
Anthropic fixed the immediate bug quickly, which is the right operational response. But the structural issue — content-based billing routing with no transparency, no user controls, and no clear refund policy — remains unaddressed. As AI coding tools move from individual developer experiments to enterprise line items, billing transparency will become a procurement requirement, not a nice-to-have. The companies that publish their billing logic, provide real-time spend controls, and offer contractual refund guarantees for their own bugs will win enterprise deals. The ones that respond to a $200 overbilling with "we are unable to issue compensation" will learn that trust, once lost over pocket change, is expensive to rebuild.
Hey everyone, Thariq from the Claude Code team. We've been on this since the bug surfaced. Everyone affected is getting a full refund and an extra grant of usage credits equal to their monthly subscription as our apology. You can see my original post here: https://x.com/trq212
"I need to let you know that we are unable to issue compensation for degraded service or technical errors that result in incorrect billing routing."Not sure I've ever seen a company openly take this position. This is a crazy policy.
I recently had my automatic reload double charge me $100. I tried reaching out to Anthropic, but my only option (of course) was a chat agent. After going through a conversation with it, I was told someone would reach out to help with the matter. Never happened. I eventually reached out to my credit-
https://x.com/trq212/status/2048495545375990245

He is getting a refund along with an additional $200 credit from what I can see.
> However, I need to let you know that we are unable to issue compensation for degraded service or *technical errors* that result in incorrect billing routing.

This is very surprising. I've never seen a legitimate business not give refunds for technical errors of their own fault. Minimum Anth