The Discovery of Clancestine Surveillance
Yesterday, the developer community observed that Claude Code contained hidden, obfuscated code designed to scrutinize system time zones and API endpoint URLs. This stealthy monitoring specifically targets Chinese users, encompassing both independent Chinese developers and domestic artificial intelligence corporations. For instance, if the mechanism detects that a developer has configured API addresses associated with entities like Moonshot AI, this critical telemetry is automatically appended to the system prompt before being transmitted directly to Anthropic servers.
Consequently, Anthropic can execute targeted operations based on the telemetry embedded within these received prompts. Such measures could include intentionally degrading model intelligence, throttling generation velocities, or identifying and blacklisting Claude Pro/Max subscription accounts utilizing reverse proxies through third-party API relay stations. Because these hidden code sequences are profoundly insidious, the original poster likened the mechanism to a backdoor, urgently calling upon Anthropic to elevate its operational transparency.
Anthropic Announces Imminent Removal of Code
Following intense community backlash, Anthropic announced the imminent removal of the code. As the controversy surrounding the clandestine detection logic intensified across developer forums, a widely shared community report on X highlighted how an Anthropic engineer published an official response promising to roll back and excise the problematic segments. The company noted that the removal is feasible because they have already deployed more robust, backend mitigation and detection mechanisms. While the exact technical nature of these new measures remains undisclosed, the current wave of account bans suggests that Anthropic’s updated detection framework will be significantly more stringent.
The official statement from the Anthropic engineer reads as follows: “Hi, this is an experiment we launched in March that was meant to prevent account abuse from unauthorized resellers and protect against distillation. The team has landed stronger mitigations since then and we’ve actually been meaning to take this down for a while. We merged the PR and this should be fully rolled back in tomorrow’s release.”
Community Backlash Against the ‘Experiment’ Pretext
Community members, however, vehemently criticized Anthropic for using an “experiment” as a convenient pretext. Given that many developers rely on Claude Code as a primary productivity asset, the community views the clandestine implementation of backdoor-like surveillance without any prior public announcements or updates to the privacy policy as highly irresponsible. Although this iteration of Claude Code strictly targeted Chinese users, developers argue that Anthropic could easily repurpose such a mechanism to profile and restrict other user demographics, branding the practice as inherently unethical and dangerous.
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.