Claude Code contained a hidden piece of code that ran secretly for three months, from April 2nd to July 1st, without any changelog entry or official documentation disclosure; most users were unaware of it.

Reddit users disassembled the binary and discovered this segment of the program. Security researchers then completed reverse-engineering analysis of multiple versions of the code. On July 1st, overseas media published an in-depth headline report on the matter. The core objective of the hidden code was clear: it specifically identified users in China who used the product directly or accessed it through proxy interfaces run by domestic AI companies. The entire identification design was highly covert.

The development team used Unicode steganography to transmit the identification signal, using the date text inside interface requests as a covert carrier, which made the anomaly very difficult for ordinary users to notice.


Double detection + data poisoning: the mechanism poses serious risks of misidentification

Once a user customizes the proxy interface address, the program activates two checks: it verifies the device's time zone and matches the address against an encrypted domain-name blacklist. The blacklist is doubly encrypted; after decryption it contains hundreds of domestic AI companies and intermediary domains, including Baidu, ByteDance and MiniMax, covering a wide range. When either the domestic time zone or a listed proxy domain matches, characters in the text are quietly replaced with special Unicode symbols that the backend can use to identify and mark the user precisely, and that are hard to distinguish with the naked eye.
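The two passages above describe a marker hidden in what should be plain ASCII date text by swapping in invisible or look-alike Unicode code points. As an added example (not code from the page or from Anthropic, and not based on the specific code points used in the incident, which the page does not give), the scanner below is the check a defender would run over request and response fields: it flags any code point from the well-known zero-width, bidi-control, variation-selector and tag ranges, flags any other non-ASCII character in a field that is expected to be ASCII, and strips the invisible ones. The sample inputs are constructed.

```python
"""Detect invisible or non-ASCII Unicode code points hidden in text that is
expected to be plain ASCII, such as a date string in an API request."""
import unicodedata
from dataclasses import dataclass

# Zero-width, formatting and tag code points. Their presence in an ASCII-only
# field is a strong signal of steganographic marking. These are general
# Unicode ranges, not taken from the incident described in the article.
INVISIBLE_RANGES = (
    (0x200B, 0x200F),    # zero-width space/non-joiner/joiner, LRM, RLM
    (0x202A, 0x202E),    # bidi embedding and override controls
    (0x2060, 0x2064),    # word joiner and invisible operators
    (0x2066, 0x2069),    # bidi isolates
    (0xFE00, 0xFE0F),    # variation selectors
    (0xFEFF, 0xFEFF),    # BOM / zero-width no-break space
    (0xE0000, 0xE007F),  # tag characters (invisible copies of ASCII)
    (0xE0100, 0xE01EF),  # variation selectors supplement
)


@dataclass
class Finding:
    index: int       # code point position within the string
    codepoint: int
    name: str        # Unicode character name, for the report
    reason: str      # "invisible" or "non-ascii"


def is_invisible(ch: str) -> bool:
    """True if the character falls in one of the INVISIBLE_RANGES."""
    cp = ord(ch)
    return any(lo <= cp <= hi for lo, hi in INVISIBLE_RANGES)


def scan_text(text: str, expect_ascii: bool = True) -> list[Finding]:
    """Return one Finding per suspicious code point in `text`.

    Invisible code points are always reported. When `expect_ascii` is set,
    every other non-ASCII character (e.g. a fullwidth digit standing in for
    an ASCII one) is reported as well.
    """
    findings = []
    for i, ch in enumerate(text):
        if is_invisible(ch):
            reason = "invisible"
        elif expect_ascii and ord(ch) > 0x7F:
            reason = "non-ascii"
        else:
            continue
        findings.append(Finding(i, ord(ch), unicodedata.name(ch, "<unnamed>"), reason))
    return findings


def strip_hidden(text: str) -> str:
    """Remove the invisible code points, leaving visible characters intact."""
    return "".join(ch for ch in text if not is_invisible(ch))


# Constructed samples: a clean date and the same date carrying three hidden
# code points (zero-width space, zero-width joiner, tag letter A).
SAMPLE_CLEAN = "2025-07-01"
SAMPLE_MARKED = "2025\u200b-07\u200d-01\U000E0041"

if __name__ == "__main__":
    for f in scan_text(SAMPLE_MARKED):
        print(f"offset {f.index}: U+{f.codepoint:04X} {f.name} ({f.reason})")
    print("cleaned:", repr(strip_hidden(SAMPLE_MARKED)))
```

Running the scanner over every string field of an outgoing request (and of the model's responses) before they leave the host turns the "hard to distinguish with the naked eye" property into a logged event; the `non-ascii` reason catches homoglyph substitutions that the invisible-range check alone would miss.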

The code also contains an anti-distillation identifier: once a target is identified, it automatically injects false tool-call data into the output to interfere with third parties using that output to train their own large models. The vendor later stated officially that this function was merely a short-term experiment aimed at preventing account reselling, and that the related code had been completely removed in the new version. Nevertheless, the mechanism as a whole still raised many points of controversy.

The domain-name list was encrypted and obfuscated, and the mechanism was concealed for a long period without public disclosure; many users behind compliant enterprise internal-network proxies may also have been mistakenly marked, which highlights significant privacy and usage risks. The timeline of the incident was full of coincidences: just after the US lifted export restrictions on two of its models, the identification code was exposed at the same moment, creating a strong contrast. Developer tools hold high-level permissions to read local code and modify files, and the fact that the hidden detection logic underneath was never disclosed severely damaged the trust developers had in the product.