@rohanpaul_ai: wow Claude Code allegedly fingerprints China-linked custom routes through tiny prompt formatting changes. The claim con…


Summary

Controversy erupts as Claude Code is accused of secretly fingerprinting China-linked custom proxy routes through invisible prompt formatting changes, raising serious trust and auditability concerns for AI agents.


Cached at: 07/01/26, 08:05 AM

wow

Claude Code allegedly fingerprints China-linked custom routes through tiny prompt formatting changes.

The claim concerns non-default ANTHROPIC_BASE_URL routes, not ordinary direct Anthropic connections.

As to the mechanism, Claude Code normally sends your request to Anthropic’s server, but some users change the address so it goes through another server first.

The accusation says Claude Code detects that changed route, checks whether it looks China-linked, then hides tiny signals inside the prompt text.

ANTHROPIC_BASE_URL is a setting that tells Claude Code where to send your request i.e. as a way to point Claude Code at a gateway. A proxy or gateway means that request goes through another server before reaching Anthropic.

So the controversy starts if Claude Code then secretly fingerprints that gateway through the prompt itself.

The mechanism is allegedly invisible punctuation and date formatting, used to tag the request without clearly telling the user.

Claude Code allegedly checks the custom hostname, then compares it with China-linked domains.

Now this is quite a massive issue.

If true, hidden prompt markers would mean Claude Code silently tagged routing details without clear disclosure.

Abuse detection is understandable because Anthropic says proxy services are used to bypass China access limits. But secret prompt marking still crosses a trust line because users cannot review or refuse it.

Claude Code is not a normal chatbot because it can read files, edit code, and run commands. A hidden signal inside that kind of tool feels far more serious than tracking inside a website.

This may set a precedent for AI agents becoming hard to audit. Once invisible characters carry metadata, users will distrust even harmless-looking text.

This GitHub verification report note says the claim is real, but the effect is narrow.

  • Claude Code allegedly adds the hidden mark only when someone changes the server address away from Anthropic’s official server.

  • A normal direct user is not marked just because their timezone is China.

  • The mark is not shown as file theft, because it only changes punctuation inside the prompt already being sent.

  • The trust issue remains serious because the user would not clearly see or approve that hidden label.

  • The anti-abuse value also looks weak because a truly bad reseller could easily avoid it by changing settings or patching code.

https://gist.github.com/AdnaneKhan/0a0edb5620d5214282ef4027caad8950…

Some context on why Anthropic may be doing it.

The White House earlier warned through an official report that proxy accounts already support industrial-scale frontier AI extraction campaigns.

There’s a big grey market that sells cheap Claude API access through proxies that capture everything.

https://whitehouse.gov/wp-content/uploads/2026/04/NSTM-4.pdf…
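For anyone who wants to audit what their own gateway receives, the following is an added example (not part of the original post, and not Claude Code's code). It compares two captures of the same prompt codepoint by codepoint and flags invisible or look-alike characters. The two sample strings and the specific characters in them are constructed for illustration; the post does not say which characters are allegedly used.

```python
import difflib
import unicodedata

# Unicode categories that render as nothing or pass for ordinary
# spacing and punctuation: format chars, spaces, dashes, quotes, other punct.
SUSPECT_CATEGORIES = {"Cf", "Zs", "Pd", "Pi", "Pf", "Po"}

def describe(ch):
    """Return (codepoint, Unicode category, name) for one character."""
    return (f"U+{ord(ch):04X}", unicodedata.category(ch),
            unicodedata.name(ch, "<unnamed>"))

def hidden_chars(text):
    """List (offset, description) for non-ASCII characters that are invisible
    or visually confusable with ASCII spacing and punctuation."""
    return [(i, describe(ch)) for i, ch in enumerate(text)
            if ord(ch) > 0x7F and unicodedata.category(ch) in SUSPECT_CATEGORIES]

def codepoint_diff(baseline, observed):
    """Return every span where two captures of the same prompt differ,
    with the characters on both sides described."""
    sm = difflib.SequenceMatcher(a=baseline, b=observed, autojunk=False)
    changes = []
    for op, a0, a1, b0, b1 in sm.get_opcodes():
        if op != "equal":
            changes.append({
                "op": op,
                "offset": b0,  # position in the observed capture
                "baseline": [describe(c) for c in baseline[a0:a1]],
                "observed": [describe(c) for c in observed[b0:b1]],
            })
    return changes

# Constructed captures: BASELINE stands for the prompt logged on the default
# route, OBSERVED for the same prompt logged at a custom gateway.
BASELINE = "Today's date is 2026-01-07. Follow the user's instructions."
OBSERVED = ("Today\u2019s date is 2026/01/07. "
            "Follow the user's\u200b instructions.")

if __name__ == "__main__":
    for change in codepoint_diff(BASELINE, OBSERVED):
        print(change)
    for offset, info in hidden_chars(OBSERVED):
        print(offset, info)
```

The diff catches ASCII-only changes such as a different date separator, which the category scan alone would miss.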
