Anthropic Claude Code被发现暗藏针对中国的监视代码,已持续三个月
英文摘要
A developer found that Anthropic's AI programming tool Claude Code included a hidden surveillance mechanism targeting China. The code checks whether the system timezone is set to Asia/Shanghai or Asia/Urumqi and whether accessed URLs match a list of 147 domains, including Baidu, Alibaba, ByteDance, and Claude API proxy services. Upon detection, it alters prompt date formatting and sends hidden markers to Anthropic servers, effectively identifying Chinese users. The code was present for three months before being publicized. Anthropic's Claude Code product lead Thariq Shihipar stated it was an experiment to prevent unauthorized account resale and model distillation and would be removed on July 2.
中文摘要
开发者发现Anthropic的AI编程工具Claude Code内置了针对中国的隐藏监视机制。该代码会检查系统时区是否为上海或乌鲁木齐时区,并判断访问的URL是否匹配包含百度、阿里巴巴、字节跳动以及Claude API中转服务在内的147个域名列表。一旦匹配,代码会篡改提示词中的日期格式,并向Anthropic服务器发送隐藏标记,从而识别中国用户。该代码在曝光前已存在三个月。Anthropic的Claude Code产品负责人Thariq Shihipar回应称这是一项防止未授权账户转售和模型蒸馏的实验,将于7月2日删除。
关键要点
Claude Code client code checked system timezone for China (Asia/Shanghai, Asia/Urumqi) and matched 147 domains including Chinese tech firms and AI labs.
Claude Code客户端代码检查系统时区是否为中国时区(上海、乌鲁木齐),并匹配包含中国科技企业和AI实验室在内的147个域名。
Upon detection, the code altered prompt date formats and sent hidden markers to Anthropic servers, functioning as a backdoor-like surveillance mechanism.
检测到后,代码篡改提示词日期格式并发送隐藏标记至Anthropic服务器,起到类似后门的监视作用。
The code had been active for three months. Product lead Thariq Shihipar called it an experiment against unauthorized resale and model distillation, promising removal by July 2.
该代码已存在三个月。产品负责人称其为防止未授权转售和模型蒸馏的实验,承诺7月2日删除。