A hidden fingerprinting mechanism inside Claude Code quietly flagged developers routed through Chinese networks.A hidden fingerprinting mechanism inside Claude Code quietly flagged developers routed through Chinese networks.

Anthropic Faces Backlash After Claude Code Secretly Flagged Users Linked To 147 Chinese Domains

2026/07/01 22:16
3 min read
For feedback or concerns regarding this content, please contact us at [email protected]

Anthropic's Claude Code secretly embedded hidden markers to flag users linked to 147 Chinese domains and AI labs, developers disclosed this week.

Key Points

Hidden Prompt Markers

A developer reverse engineering Claude Code version 2.1.196 while restoring a disabled remote control feature found obfuscated code silently present since April.

The findings surfaced on Reddit on Jun. 30 under a screen name and were confirmed in a technical writeup posted on GitHub.

Analysts examined three separate Claude Code releases and found the mechanism worked identically in each one, with no mention of it in any release notes despite months of updates. It only activates when a user points Claude Code at a custom server address instead of Anthropic's own. Once triggered, the tool reads the system's timezone and checks whether it matches two cities linked to mainland China.

The proxy address is then compared against a hidden domain list of 147 entries, obfuscated to avoid turning up in a plain text search and including Baidu, Alibaba, Ant Group and ByteDance, plus eleven keywords tied to Chinese AI labs. Results get folded into the ordinary looking sentence "Today's date is...", where a hyphen switches to a slash for a Chinese timezone and a standard apostrophe swaps for one of three near identical characters.

Also Read: BitMine Defies The Selloff With A $43M Ethereum Bet, Strategy Blinks

Developer Trust Fallout

Developers reacted with alarm once the mechanism became public, arguing that a tool with access to source code and shell commands owes users a higher standard of disclosure than a chat window. A bug report filed against the project's code repository called the practice covert fingerprinting and asked what other signals might be hidden from users. Commenters noted the check could be defeated simply by changing a hostname or system clock.

That means it mostly tags ordinary developers using legitimate corporate proxies rather than the sophisticated operators it was built to catch. Anthropic has previously accused Chinese labs including DeepSeek, Moonshot AI and MiniMax of using more than 24,000 fraudulent accounts and over 16 million exchanges to copy Claude's reasoning and coding behavior earlier this year.

An Anthropic engineer acknowledged the code on social media and said it would be pulled in the following day's release, though the company had not issued a formal written statement. The episode adds to a string of security questions around Claude Code this year.

Researchers at Microsoft disclosed a prompt injection flaw in its GitHub integration in June, Check Point flagged three separate vulnerabilities in February, and Anthropic's own source code briefly leaked in April.

Read Next: CZ Says Binance Was Days From MiCA Approval Before Politics Hit

World Cup Combo: Aim for 200x

World Cup Combo: Aim for 200xWorld Cup Combo: Aim for 200x

Combine up to 20 World Cup matches in one order

Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact [email protected] for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.

$5M in SPCX Positions for Free

$5M in SPCX Positions for Free$5M in SPCX Positions for Free

0 fees, 100x leverage, daily prizes, 7K+ stocks/ETFs