What the Code Did
According to analysis published by security researchers and confirmed through reverse-engineering of the Claude Code binary, versions starting with 2.1.91 introduced checks that activated whenever a user connected through a non-standard API proxy. The system examined whether the user’s timezone was set to Asia/Shanghai or Asia/Urumqi, and whether the proxy URL pointed to a Chinese domain or was associated with a Chinese AI laboratory. digg.com vincentschmalbach.com reddit.com
Rather than transmitting this information directly, the code embedded its findings steganographically within the system prompt sent to Claude’s servers. Date formats shifted from “2026-06-30” to “2026/06/30” for users in Chinese timezones, while different Unicode apostrophe characters — a right single quotation mark, a modifier letter apostrophe, or a modifier letter prime — signaled whether the proxy was a Chinese domain, a known entity, or linked to a Chinese AI lab. vincentschmalbach.com reddit.com kucoin.com
Anthropic’s Response
After the discovery gained traction on Reddit and social media, Anthropic technical team member @trq212 acknowledged the functionality and stated the code would be removed in the next version, expected within a day. The company has not issued a formal public statement characterizing the feature’s purpose. kucoin.com
Some developers have framed the mechanism as an anti-distillation measure — a technique to detect whether Chinese AI labs were routing queries through Claude to extract its capabilities for training competing models. This interpretation aligns with Anthropic’s June 2026 accusation that Alibaba affiliates had conducted a large-scale distillation campaign generating over 28.8 million exchanges with Claude through nearly 25,000 fraudulent accounts between April and June. facebook.com reddit.com
Broader Context
The fingerprinting controversy emerged the same day Anthropic announced that the U.S. Department of Commerce had lifted export controls on its Claude Fable 5 and Mythos 5 models, ending a weeks-long standoff that began June 12 when the government ordered a global suspension of the models over national security concerns. Anthropic had already blocked Chinese-controlled firms from accessing Claude in September 2025. cnbc.com tomshardware.com bbc.com
Critics argue that regardless of intent, a coding agent with repository and command-line permissions should not embed hidden metadata about users’ locations inside prompts without disclosure. The episode underscores the tension between AI companies’ compliance obligations and developer trust — particularly as tools like Claude Code gain deeper access to users’ machines and workflows. x.com