One String, $200 Gone
Claude Code users recently discovered an incredible bug on social media: whenever a git commit message contains the case-sensitive string “HERMES.md”, Claude Code requests are incorrectly routed to the pay-per-use API instead of going through the user’s Max subscription quota.
A Max 20x subscriber ($200/month) consumed $200.98 in extra usage in a single day, while his weekly quota still had 86% remaining. In other words, he not only spent his entire monthly subscription but also owed an additional $200.
This tweet received 4,623 likes, 341 retweets, and 1,490 bookmarks, with over 1.48 million views — making it one of the most widely spread posts in the AI community this week.
Bug Mechanism: String Matching Trap in Routing Logic
According to community analysis, the root cause lies in Anthropic’s internal routing logic:
if commit_message contains "HERMES.md":
route_to = API_BILLING # pay-per-use
else:
route_to = MAX_SUBSCRIPTION # subscription quotaHERMES.md is a widely used system prompt specification filename in AI Agent projects (Hermes Agent and other frameworks all use this convention). It’s not some obscure edge case — it’s a regular file that exists in the git history of thousands of developers.
The Anthropic team has promised full refunds.
Why This Bug Is So Ironic
The reason this bug triggered such strong reactions in the community is not just because it burned users’ money, but because it reveals a deeper problem in AI Agent ecosystem development:
| Dimension | The Irony |
|---|---|
| Naming Conflict | A standard file naming convention in the Agent ecosystem was accidentally hit by the subscription system’s string matching logic |
| Silent Billing | Users were silently switched to a more expensive billing path while using “a product they paid for” |
| Scale Effect | As Agent frameworks (Hermes Agent, OpenClaw, etc.) proliferate, the number of affected users is growing exponentially |
| Trust Cost | Developers are starting to wonder: is my AI tool working for me, or spending for me? |
Community Self-Help Guide
Before the official fix, the community summarized several mitigation measures:
- Rename the file: Change
HERMES.mdtosystem_prompt.md,hermes.md(lowercase), oragent.mdto avoid exact uppercase string matching - Modify git commits: Use
git commit --amendorgit rebase -ito rewrite commit messages containing the string - Monitor extra usage: Set up usage alerts in the Anthropic console, pause promptly on anomalies
- Temporary downgrade: Consider using API key direct calls instead of Claude Code subscription mode until the fix is confirmed
Bigger Picture: Growing Pains of the Agent Ecosystem
This bug is the first “absurd-level bug” of the AI Agent era — not because of technical complexity, but because it happened in a seemingly impossible place: a standard filename from an Agent framework happened to match the billing routing logic of another product.
As the AI Agent ecosystem grows explosively (Hermes Agent v0.12, OpenClaw, MuleRun are all iterating rapidly), this type of “cross-system boundary” accidental conflict will only increase. Toolchain boundaries are becoming increasingly blurred, but infrastructure layers like billing, authentication, and routing haven’t kept up with the complexity of the Agent era.
Anthropic needs to fix this bug, but the entire industry needs to fix a deeper problem: when AI Agents start autonomously writing code, committing, and even managing their own system prompts, who guarantees these behaviors won’t trigger unexpected side effects?