@9hills: At first, I didn't really get what Anthropic was trying to do — why detect Claude Code using third-party providers? What's the big deal? Later I realized how clever Anthropic is: by modifying the date format in the system prompt and comparing it with their own logs, they can precisely identify proxy station IPs and accounts. As long as your local configuration points to a third-party URL but the request ultimately goes back to Anthropic, it must be a proxy station. So they can batch-ban those proxy stations.

X AI KOLs Timeline News

Summary

Anthropic precisely identifies requests from Claude Code that use third-party providers (proxy stations) by modifying the date format in the system prompt and comparing it with their own logs, thereby batch-banning proxy station IPs and accounts. This technique requires no network upload activity and can even detect proxy usage within enterprise intranet environments.

I first didn't really get what Anthropic was trying to do — why detect Claude Code using third-party providers? What's the big deal? Later I realized how clever Anthropic is: by modifying the date format in the system prompt and comparing it with their own logs, they can precisely identify proxy station IPs and accounts. As long as your local configuration points to a third-party URL but the request ultimately goes back to Anthropic, it must be a proxy station. So they can batch-ban proxy stations. Similarly, many companies — whether for model distillation or just to use Claude models — can't give each employee a separate account, so they often build their own proxy solutions. Even if the backend uses AWS, it can still be accurately identified. Finally, because it's injected via the prompt, there's no network upload activity, making it hard to detect. Even if your company's Claude Code runs in an offline intranet environment, as long as the model request eventually goes back to Anthropic, it will be caught.
Original Article
View Cached Full Text

Cached at: 06/30/26, 05:45 PM

I actually didn’t initially understand what Anthropic’s goal was—detecting third‑party providers for Claude Code, what’s the big deal?

Later I realized how clever this is. By modifying the date format in the system prompt and comparing it with Anthropic’s own logs, they can precisely identify relay station IPs and accounts. If you configure a third‑party URL locally but the requests still go back to Anthropic, it must be a relay station. This allows them to ban relay stations in bulk.

Similarly, many companies—whether for distillation or for using the Claude model—can’t possibly give each employee their own account, so they typically use self‑built relay station solutions. Even if the backend is AWS, it can still be precisely identified.

Finally, because the detection is injected into the prompt and involves no network upload activity, it’s hard to spot. Even if your enterprise’s Claude Code runs in an internal network environment, as long as the model requests eventually go back to Anthropic, they will be discovered.

Similar Articles

@AISuperDomain: Breaking news! Claude Code allegedly has a built-in 'hidden backdoor' specifically designed to detect Chinese users. The reason for Claude account bans has finally been found!!! According to a Reddit leak: Starting from version 2.1.91, Claude Code checks whether the system timezone is Asia…

X AI KOLs Timeline

According to a Reddit leak, starting from version 2.1.91, Claude Code has a built-in hidden detection logic that checks system timezone, proxy URL, and modifies system prompt encoding methods, allegedly to specifically identify Chinese users, sparking serious concerns about developers' trust boundaries.

@Khazix0918: https://x.com/Khazix0918/status/2072235797592658395

X AI KOLs Timeline

The article exposes that Anthropic secretly detects and marks Chinese users in Claude Code using steganography (modifying Unicode characters and separators in date strings) for account bans, sparking strong community concerns about privacy and trust.

@xiangxiang103: Wow, Anthropic really dropped the ball this time. Someone dug up hidden code in the Claude Code binary — specifically designed to detect whether you're a Chinese user or routing through China. Not ordinary telemetry, but deliberately obfuscated, not mentioned in release notes, and completely unknown to users. The process goes like this: - Detects you...

X AI KOLs Timeline

Hidden code was discovered in the Claude Code binary that specifically detects Chinese users or proxy routes, and secretly modifies system prompts to add watermarks, sparking widespread concerns about trust in developer tools.

@passluo: Unbelievable! The latest Claude Code CLI client code secretly contains a list of proxy stations. For users from these stations, Claude may randomly modify your prompt to interfere with your requests. A\\ The selected proxy station list is shown in the image. Don't be discouraged if your station wasn't selected — maybe next time it will be you.

X AI KOLs Timeline

The latest Claude Code CLI client code was found to secretly contain a list of proxy stations. Users from these stations may have their prompts randomly modified by Claude to interfere with requests, sparking discussions about transparency and privacy.

@AYi_AInotes: https://x.com/AYi_AInotes/status/2065397156320612829

X AI KOLs Timeline

This article explains how to quickly check VPS IP quality using three free websites (Scamalytics, ipinfo, check-host), and promotes VoyraCloud's residential IP servers, emphasizing the importance of clean IPs for running AI tools like Claude Code and Codex, as well as accessing overseas accounts.