AI adoption is accelerating, but trust is still fragile.
Recently, users of Claude Code raised concerns about how usage is being billed, specifically around when subscription usage ends and paid “extra usage” begins.
Public reports across GitHub and community forums describe scenarios where users still had included subscription usage available, but were charged for "extra usage" at API billing rates anyway.
To clarify: Anthropic sold users a block of included usage. Users who were still below their caps were charged extra for exceeding them, which they hadn't done. And rather than fixing the glitch, Anthropic stated that it was their policy not to correct "incorrectly routed" billings, and that they expected users to simply pay up for usage they didn't owe.
There's a technical term for knowingly issuing erroneous bills and refusing to correct them. It's called fraud.
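To make the expectation concrete, here is a minimal sketch of how most subscribers assume included usage and "extra usage" interact. The allowance, rate, and function name are invented for illustration; this is not Anthropic's actual billing logic.

```python
# Hypothetical illustration only: names, numbers, and rates are invented,
# not taken from Anthropic's billing system.
INCLUDED_TOKENS = 1_000_000   # assumed monthly subscription allowance
EXTRA_RATE_PER_1K = 0.015     # assumed pay-per-use rate, USD per 1K tokens

def expected_extra_charge(tokens_used_so_far: int, tokens_this_request: int) -> float:
    """Charge only the portion of a request that exceeds the included allowance."""
    remaining = max(0, INCLUDED_TOKENS - tokens_used_so_far)
    overage = max(0, tokens_this_request - remaining)
    return round(overage / 1000 * EXTRA_RATE_PER_1K, 4)

# A user well under their cap expects to pay nothing extra:
assert expected_extra_charge(200_000, 50_000) == 0.0
```

The reports above describe the opposite: charges appearing while the included allowance was still comfortably positive.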
These reports are not proof of systemic failure. But they highlight a growing gap between user expectations and system behavior.
And then things got more interesting.
In a widely shared thread on Reddit, one developer claimed that simply having the string “HERMES.md” in their git commit history triggered Claude Code to route usage to paid billing, resulting in roughly $200 in unexpected charges.
It's plausible, because Claude Code is designed to ingest project context, including recent commits, into its working prompt.
And "HERMES.md" isn't a random string; it's a legitimate convention used in AI agent systems to define project-level context and behavior.
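Here is a minimal sketch of why a filename in commit history can reach the model at all, assuming the common pattern of agentic coding tools assembling a prompt from recent git activity. The function names are invented, not Claude Code's actual internals.

```python
import subprocess

def recent_commit_context(n: int = 10) -> str:
    """Collect the last n commit subjects and the file names they touched."""
    result = subprocess.run(
        ["git", "log", f"-{n}", "--name-only", "--pretty=format:%s"],
        capture_output=True, text=True, check=True,
    )
    return result.stdout

def build_prompt(user_request: str) -> str:
    # Commit messages and touched file names (e.g. "HERMES.md") are pasted
    # directly into the prompt the model sees alongside the user's task.
    return (
        "Recent project history:\n"
        f"{recent_commit_context()}\n\n"
        f"Task:\n{user_request}"
    )
```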
Users who were running Hermes configurations under paid API licenses were using Claude Code to help with the setup, a perfectly valid use case that did not violate the terms of service. Rather than using that context to determine whether a particular usage exceeded allowable use cases (as is done for other safety training), they took the lazy way out: a literal check for a specific filename, and nothing more.
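If the allegation is accurate, the check would amount to something like the sketch below: a literal substring match with no understanding of how the file is being used. This is a hypothetical reconstruction; Anthropic has not confirmed any such mechanism, and the function name is invented.

```python
def naive_extra_usage_flag(context: str) -> bool:
    """Hypothetical: flag the request if a specific filename appears anywhere."""
    return "HERMES.md" in context

# A commit message alone is enough to trip it, even on unrelated work:
prompt = (
    "Recent project history:\n"
    "Add HERMES.md notes for the agent config\n\n"
    "Task:\nfix the login form validation"
)
assert naive_extra_usage_flag(prompt) is True
```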
Some community speculation suggests this may have interacted with internal safety or abuse-detection mechanisms that influence how requests are classified—and potentially how they’re billed.
To be clear: this behavior has not been publicly confirmed by Anthropic.
But that’s exactly the point.
If a system can:
- read your project context,
- reclassify your usage based on what it finds there, and
- move you onto a different billing path
…without clear visibility or explanation, you no longer fully control the system.
This is part of a broader pattern:
- usage limits and billing boundaries that aren't clearly surfaced,
- classification and routing logic that users can't see or audit, and
- policies that leave customers holding the bill when something goes wrong.
Individually, these are product decisions.
Together, they point to a deeper issue:
AI systems are now making operational decisions that directly impact cost, risk, and trust.
As AI becomes embedded into engineering and business workflows, companies need more than capability.
They need:
- visibility into how usage is classified and billed,
- clear explanations when system behavior changes, and
- control over the costs their AI systems generate.
Because billing surprises are rarely the root problem.
They’re the symptom.
At Suzu Labs, we help organizations validate, not just adopt, AI systems.
Our AI Assessment and Advisory services identify:
- where AI systems make decisions that affect cost, risk, and trust,
- whether those decisions are visible and explainable, and
- where actual behavior diverges from what you expect.
We test how these systems behave in the real world, so you’re not learning the hard way.
Because in AI, trust isn’t given.
It’s verified.
Sources: