A hidden fingerprinting mechanism inside Claude Code quietly flagged developers routed through Chinese networks.A hidden fingerprinting mechanism inside Claude Code quietly flagged developers routed through Chinese networks.

Anthropic Faces Backlash After Claude Code Secretly Flagged Users Linked To 147 Chinese Domains

2026/07/01 22:16
3분 읽기
이 콘텐츠에 대한 의견이나 우려 사항이 있으시면 crypto.news@mexc.com으로 연락주시기 바랍니다

Anthropic's Claude Code secretly embedded hidden markers to flag users linked to 147 Chinese domains and AI labs, developers disclosed this week.

Key Points

Hidden Prompt Markers

A developer reverse engineering Claude Code version 2.1.196 while restoring a disabled remote control feature found obfuscated code silently present since April.

The findings surfaced on Reddit on Jun. 30 under a screen name and were confirmed in a technical writeup posted on GitHub.

Analysts examined three separate Claude Code releases and found the mechanism worked identically in each one, with no mention of it in any release notes despite months of updates. It only activates when a user points Claude Code at a custom server address instead of Anthropic's own. Once triggered, the tool reads the system's timezone and checks whether it matches two cities linked to mainland China.

The proxy address is then compared against a hidden domain list of 147 entries, obfuscated to avoid turning up in a plain text search and including Baidu, Alibaba, Ant Group and ByteDance, plus eleven keywords tied to Chinese AI labs. Results get folded into the ordinary looking sentence "Today's date is...", where a hyphen switches to a slash for a Chinese timezone and a standard apostrophe swaps for one of three near identical characters.

Also Read: BitMine Defies The Selloff With A $43M Ethereum Bet, Strategy Blinks

Developer Trust Fallout

Developers reacted with alarm once the mechanism became public, arguing that a tool with access to source code and shell commands owes users a higher standard of disclosure than a chat window. A bug report filed against the project's code repository called the practice covert fingerprinting and asked what other signals might be hidden from users. Commenters noted the check could be defeated simply by changing a hostname or system clock.

That means it mostly tags ordinary developers using legitimate corporate proxies rather than the sophisticated operators it was built to catch. Anthropic has previously accused Chinese labs including DeepSeek, Moonshot AI and MiniMax of using more than 24,000 fraudulent accounts and over 16 million exchanges to copy Claude's reasoning and coding behavior earlier this year.

An Anthropic engineer acknowledged the code on social media and said it would be pulled in the following day's release, though the company had not issued a formal written statement. The episode adds to a string of security questions around Claude Code this year.

Researchers at Microsoft disclosed a prompt injection flaw in its GitHub integration in June, Check Point flagged three separate vulnerabilities in February, and Anthropic's own source code briefly leaked in April.

Read Next: CZ Says Binance Was Days From MiCA Approval Before Politics Hit

World Cup Combo: Aim for 200x

World Cup Combo: Aim for 200xWorld Cup Combo: Aim for 200x

Combine up to 20 World Cup matches in one order

면책 조항: 본 사이트에 재게시된 글들은 공개 플랫폼에서 가져온 것으로 정보 제공 목적으로만 제공됩니다. 이는 반드시 MEXC의 견해를 반영하는 것은 아닙니다. 모든 권리는 원저자에게 있습니다. 제3자의 권리를 침해하는 콘텐츠가 있다고 판단될 경우, crypto.news@mexc.com으로 연락하여 삭제 요청을 해주시기 바랍니다. MEXC는 콘텐츠의 정확성, 완전성 또는 시의적절성에 대해 어떠한 보증도 하지 않으며, 제공된 정보에 기반하여 취해진 어떠한 조치에 대해서도 책임을 지지 않습니다. 본 콘텐츠는 금융, 법률 또는 기타 전문적인 조언을 구성하지 않으며, MEXC의 추천이나 보증으로 간주되어서는 안 됩니다.

$5M in SPCX Positions for Free

$5M in SPCX Positions for Free$5M in SPCX Positions for Free

0 fees, 100x leverage, daily prizes, 7K+ stocks/ETFs