Hidden code in Claude Code secretly flagged Chinese users
Summary
Anthropic is rolling back a covert surveillance feature in its Claude Code tool, exposed by Reddit user LegitMichel777, which secretly flagged users in China since version 2.1.91, released April 2, 2026. This feature checked for Chinese location indicators like system timezone ("Asia/Shanghai", "Asia/Urumqi") and Chinese proxy URLs, transmitting data through subtle, steganographic changes to the system prompt's date format and apostrophe character. The code was obfuscated using XOR encryption with key 91. Anthropic employee Thariq Shihipar described it as an "experiment" to prevent account abuse and unauthorized model distillation, stating stronger mitigations are now in place and the feature is being removed. Anthropic does not offer its models in China due to national security concerns and has previously accused Chinese AI labs of unauthorized model training.
Key takeaway
For AI Security Engineers evaluating software integrity, this incident highlights the critical need for deep code audits, especially in tools with filesystem and shell access. Covert data transmission methods, like steganography within system prompts or XOR-encrypted code, pose significant risks for user privacy and trust. You should implement robust detection mechanisms for hidden data exfiltration channels and scrutinize release notes for undisclosed features to prevent similar violations.
Key insights
Anthropic's Claude Code covertly transmitted user location data via steganography embedded in system prompts.
Principles
- Covert data collection violates user trust
- Obfuscation can hide surveillance features
Method
Claude Code compared system timezone and proxy URLs against Chinese indicators, then subtly altered the system prompt's date format and apostrophe character, obfuscating the code with XOR encryption (key 91).
In practice
- Embed hidden signals in system prompts
- Use XOR encryption for code obfuscation
Topics
- Claude Code
- Steganography
- User Privacy
- AI Ethics
- Covert Surveillance
- Data Exfiltration
- Anthropic
Best for: CTO, VP of Engineering/Data, Director of AI/ML, AI Security Engineer, AI Ethicist, Tech Journalist
Related on AIssential
Editorial summary, takeaway, and curation by AIssential. Original article published by The Decoder.