Anthropic to remove hidden code that flagged China-based Claude Code users

Anthropic is removing concealed detection logic from its Claude Code command-line tool after developers discovered it had been silently fingerprinting users connected from China since April 2026. The revelation, which surfaced on developer forums over the weekend, prompted an Anthropic engineer to confirm the code’s existence and promise its removal in the next release. reddit.com kucoin.com

What the Code Did

According to analysis published by security researchers and confirmed through reverse-engineering of the Claude Code binary, versions starting with 2.1.91 introduced checks that activated whenever a user connected through a non-standard API proxy. The system examined whether the user’s timezone was set to Asia/Shanghai or Asia/Urumqi, and whether the proxy URL pointed to a Chinese domain or was associated with a Chinese AI laboratory. digg.com vincentschmalbach.com reddit.com

Rather than transmitting this information directly, the code embedded its findings steganographically within the system prompt sent to Claude’s servers. Date formats shifted from “2026-06-30” to “2026/06/30” for users in Chinese timezones, while different Unicode apostrophe characters — a right single quotation mark, a modifier letter apostrophe, or a modifier letter prime — signaled whether the proxy was a Chinese domain, a known entity, or linked to a Chinese AI lab. vincentschmalbach.com reddit.com kucoin.com

Anthropic’s Response

After the discovery gained traction on Reddit and social media, Anthropic technical team member @trq212 acknowledged the functionality and stated the code would be removed in the next version, expected within a day. The company has not issued a formal public statement characterizing the feature’s purpose. kucoin.com

Some developers have framed the mechanism as an anti-distillation measure — a technique to detect whether Chinese AI labs were routing queries through Claude to extract its capabilities for training competing models. This interpretation aligns with Anthropic’s June 2026 accusation that Alibaba affiliates had conducted a large-scale distillation campaign generating over 28.8 million exchanges with Claude through nearly 25,000 fraudulent accounts between April and June. facebook.com reddit.com

Broader Context

The fingerprinting controversy emerged the same day Anthropic announced that the U.S. Department of Commerce had lifted export controls on its Claude Fable 5 and Mythos 5 models, ending a weeks-long standoff that began June 12 when the government ordered a global suspension of the models over national security concerns. Anthropic had already blocked Chinese-controlled firms from accessing Claude in September 2025. cnbc.com tomshardware.com bbc.com

Critics argue that regardless of intent, a coding agent with repository and command-line permissions should not embed hidden metadata about users’ locations inside prompts without disclosure. The episode underscores the tension between AI companies’ compliance obligations and developer trust — particularly as tools like Claude Code gain deeper access to users’ machines and workflows. x.com