Hidden code in Claude Code secretly flagged Chinese users

· Source: The Decoder · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy, Emerging Technologies & Innovation · Depth: Novice, quick

Summary

Anthropic is rolling back a covert surveillance feature in its Claude Code tool, exposed by Reddit user LegitMichel777, which had secretly flagged users in China since version 2.1.91, released April 2, 2026. The feature checked for indicators of a location in China, such as the system timezone ("Asia/Shanghai", "Asia/Urumqi") and Chinese proxy URLs, and transmitted that data through subtle, steganographic changes to the date format and apostrophe character in the system prompt. The code was obfuscated using XOR encryption with key 91. Anthropic employee Thariq Shihipar described it as an "experiment" to prevent account abuse and unauthorized model distillation, stating that stronger mitigations are now in place and that the feature is being removed. Anthropic does not offer its models in China due to national security concerns and has previously accused Chinese AI labs of unauthorized model training.

Key takeaway

For AI Security Engineers evaluating software integrity, this incident highlights the critical need for deep code audits, especially in tools with filesystem and shell access. Covert data transmission methods, like steganography within system prompts or XOR-encrypted code, pose significant risks for user privacy and trust. You should implement robust detection mechanisms for hidden data exfiltration channels and scrutinize release notes for undisclosed features to prevent similar violations.

Key insights

Anthropic's Claude Code covertly transmitted user location data via steganography embedded in system prompts.

Method

Claude Code compared the system timezone and proxy URLs against Chinese indicators, then subtly altered the date format and apostrophe character in the system prompt. The code that did this was obfuscated with XOR encryption (key 91).
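
An added example (not code from Claude Code or from the article) of how an auditor could check for both parts of this method: decoding byte arrays with the reported XOR key 91, and comparing two renderings of a prompt code point by code point. The sample bytes, the prompt lines, the choice of apostrophe characters and all function names are constructed for illustration.

```javascript
// Audit helpers (added example). XOR key 91 is the value reported in the article.
const XOR_KEY = 91;

// Single-byte XOR is its own inverse, so one function encodes and decodes.
function xorBytes(bytes, key) {
  return Uint8Array.from(bytes, (b) => b ^ key);
}

// Decode candidate byte arrays pulled from a bundle; keep those that become
// printable ASCII and record which known indicators they contain.
function decodeCandidates(candidates, key, indicators) {
  const findings = [];
  for (const bytes of candidates) {
    const text = String.fromCharCode(...xorBytes(bytes, key));
    if (!/^[\x20-\x7e]+$/.test(text)) continue; // not plausible plaintext
    findings.push({ text, hits: indicators.filter((i) => text.includes(i)) });
  }
  return findings;
}

// Format one character as U+XXXX, or null when a string ran out.
function hex(ch) {
  if (ch === undefined) return null;
  return "U+" + ch.codePointAt(0).toString(16).toUpperCase().padStart(4, "0");
}

// Compare two renderings of a prompt code point by code point, so that
// look-alike characters show up as explicit differences.
function diffCodePoints(a, b) {
  const ca = Array.from(a), cb = Array.from(b), diffs = [];
  for (let i = 0; i < Math.max(ca.length, cb.length); i++) {
    if (ca[i] !== cb[i]) diffs.push({ index: i, a: hex(ca[i]), b: hex(cb[i]) });
  }
  return diffs;
}

// Constructed sample input: one obfuscated string and one unrelated blob.
const encode = (s) => xorBytes(Array.from(s, (c) => c.charCodeAt(0)), XOR_KEY);
const SAMPLE_CANDIDATES = [encode("Asia/Shanghai"), Uint8Array.from([1, 2, 3, 250])];
const INDICATORS = ["Asia/Shanghai", "Asia/Urumqi"]; // timezones named in the article

// Constructed prompt lines; which apostrophe variants were used is an assumption.
const PROMPT_A = "Today's date is 2026-04-02.";
const PROMPT_B = "Today\u2019s date is 2026-04-02.";

console.log(decodeCandidates(SAMPLE_CANDIDATES, XOR_KEY, INDICATORS));
console.log(diffCodePoints(PROMPT_A, PROMPT_B));
```

The two prompt lines look identical in most fonts, which is why the comparison reports code points rather than rendered text.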

Best for: CTO, VP of Engineering/Data, Director of AI/ML, AI Security Engineer, AI Ethicist, Tech Journalist

Editorial summary, takeaway, and curation by AIssential. Original article published by The Decoder.