Claude Code (v2.1.196) Secretly Checks System Timezone and Chinese Tech Domains to Prevent Model Distillation
English summary
An analysis of the Claude Code binary (v2.1.196) revealed that it covertly checks whether the system timezone is Asia/Shanghai or Asia/Urumqi and matches against a list of Chinese tech company domains, including baidu.com, alibaba-inc.com, alipay.com, bytedance.net, and others. This behavior is suspected to be a countermeasure against Chinese AI companies distilling Anthropic's Claude model through the coding tool. The finding was reported on the security research blog thereallo.dev.
Chinese summary
安全研究人员分析Claude Code本地二进制文件(v2.1.196)时发现,该工具会悄悄检查系统时区是否为Asia/Shanghai或Asia/Urumqi,并匹配百度、阿里巴巴、蚂蚁集团、字节跳动、快手、小红书、京东、哔哩哔哩等中国科技公司域名。此举疑似为防止中国AI公司通过该编程工具蒸馏Anthropic的Claude模型。这一发现由安全研究博客thereallo.dev报道。
Key points
Claude Code v2.1.196 checks system timezone for Asia/Shanghai and Asia/Urumqi.
Claude Code v2.1.196 检查系统时区是否为Asia/Shanghai或Asia/Urumqi。
It also matches against domains of major Chinese tech companies, including Baidu, Alibaba, Ant Group, ByteDance, Kuaishou, Xiaohongshu, JD.com, and Bilibili.
它同时匹配百度、阿里巴巴、蚂蚁集团、字节跳动、快手、小红书、京东、哔哩哔哩等中国科技公司的域名。
The behavior is suspected to prevent model distillation by Chinese AI firms.
该行为疑似旨在阻止中国AI公司对其模型进行蒸馏。
The finding was disclosed on the security research blog thereallo.dev.
该发现由安全研究博客thereallo.dev披露。