07/02 2026
393
Kuaikeji, July 2: Recently, a foreign internet user disclosed insider information on the overseas social platform Reddit, alleging that the client of Claude Code, an AI coding tool developed by Anthropic, a prominent U.S. AI technology company, contains concealed surveillance code specifically designed to target Chinese users. This undisclosed code has been operating covertly for a full three months.
This revelation has swiftly ignited widespread debate within the global AI technology community. Following the escalation of the incident, the individual responsible for the Claude Code product came forward to address the controversy.
The internet user who made the disclosure, known by the ID LegitMichel777, stated that he was recently experimenting with the use of a proxy network to enable the Claude Code client to integrate and utilize large models developed by various AI companies. During the debugging process, he inadvertently uncovered this suspicious code, which had not been previously disclosed to the public.
In a post published on June 30, LegitMichel777 revealed that the latest version 2.1.196 of Claude Code automatically restricts certain remote control permissions when it detects that the user's device has proxy functionality enabled.

To regain access to these restricted functions, he conducted reverse engineering on the client's installation package file and discovered the suspicious code embedded in the underlying logic.
Through disassembly, LegitMichel777 confirmed that this covertly operating code automatically initiates two targeted detections in the background when the user activates a proxy connection. One detection checks whether the system timezone of the user's device corresponds to a Chinese region, specifically the Shanghai or Urumqi timezone.
The other detection verifies whether the currently used proxy URL falls under a Chinese domain category, matches any special domain names pre-programmed into the software, or is linked to a publicly recognized Chinese AI laboratory entity.
Once the code determines that the user exhibits both of these characteristics, it covertly alters the date format and certain expression symbols in the system's backend prompts when the user sends instructions or submits prompts to Anthropic's large model. It inserts special hidden markers into the uploaded data packets to facilitate the platform's accurate identification of these Chinese users. The entire process occurs without any pop-up alerts or notifications, rendering it virtually undetectable to ordinary users.

What has perplexed many industry professionals is that this code targeting Chinese users was not mentioned in the update logs of any version of Claude Code, leaving ordinary users completely oblivious.
After meticulously examining all versions of the code for comparison, LegitMichel777 confirmed that this logic was discreetly introduced in the Claude Code version 2.1.91 released on April 2 this year. This implies that such targeted monitoring has been silently operating in the background for three months.
In fact, Anthropic had previously prohibited user access from mainland China under the guise of security and compliance with export controls. Since the first half of this year, the company has repeatedly asserted in public that several Chinese AI technology companies have launched so-called distillation attacks against its large models. It accused Chinese AI laboratories of employing a multitude of fake accounts to send instructions in bulk to its large models, extracting the models' reasoning trajectories, thought processes, and intricate programming logic to refine and enhance their own large model capabilities.
These baseless accusations are riddled with obvious logical inconsistencies. Numerous voices within the domestic technical community have directly pointed out that Anthropic is essentially deliberately stigmatizing distillation, a standard and widespread technical approach in the AI field, to protect its own commercial interests. However, it conveniently overlooks its past conduct of scraping vast amounts of copyrighted public content without authorization for use as training material during its own large model training endeavors.
An article published by the Voice of China Association for Science and Technology in March this year unequivocally stated that Anthropic's relevant accusations not only maliciously misconstrue the normal progression logic of AI technology but also unjustly tarnish the collective research and development accomplishments of Chinese AI practitioners.
