Hidden Code in Claude Code Secretly Flagged Chinese Users
Anthropic’s AI coding tool, Claude Code, contained hidden code that secretly detected and flagged users based on their Chinese IP addresses. The code, discovered by security researchers, automatically blocked access for users in China while also logging their connection attempts. This raises serious questions about transparency, user privacy, and compliance with both U.S. and Chinese regulations.
The hidden functionality was embedded within Claude Code’s system prompts. It scanned for Chinese-language system locales and IP ranges associated with mainland China. When detected, the tool would refuse to execute code and instead return a vague error message — without disclosing the real reason for the block.
What the Hidden Code Actually Did
Researchers found a specific block of code that performed two key actions:
- Detected Chinese IP addresses by matching against a list of known Chinese IP ranges.
- Logged user data including the user’s IP, locale settings, and timestamp of the attempt.
The code did not inform users that their location was being checked or recorded. Blocked users only saw a generic failure message, leaving them unaware of the real cause. This lack of disclosure is a core concern for transparency advocates.
Why Anthropic May Have Added This
Anthropic likely added the code to comply with Chinese AI regulations. China requires foreign AI services to avoid generating politically sensitive content. By blocking Chinese users entirely, Anthropic reduces legal risk. However, the method used — stealthy detection without user consent — contradicts standard privacy principles.
“The hidden code effectively turns Claude Code into a surveillance tool that profiles users by nationality. Whether or not the intent was regulatory compliance, the implementation is opaque and potentially illegal in some jurisdictions.” — security researcher quoted in the report
Wider Implications for AI Companies
This incident highlights a growing tension between global AI deployment and local content laws. Several companies now use geolocation to restrict AI access. But the difference here is secrecy:
- OpenAI uses explicit country blocks with clear error messages.
- Google’s Gemini shows regional availability in its terms of service.
- Anthropic’s Claude Code used hidden code, creating a trust deficit.
If users cannot trust that AI tools will honestly report their limitations, it undermines the entire premise of transparent AI development.
What Users Should Watch For
Developers and businesses relying on AI coding assistants should verify how their tools handle location data. Key red flags include:
- Vague error messages that don’t explain why a request failed.
- Unexpected connection attempts to external servers observed in network logs.
- Silent logging of IP addresses, locales, or system language without a privacy notice.
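One way to check the last two red flags against captured traffic, as an added example that is not from the report or any vendor's code: it audits JSON-lines egress records (constructed here; the hostnames, field names and error strings are placeholders) for undocumented destinations, location fields in request bodies, and refusals that carry location data but give the user only a generic error.

```python
import json
from collections import Counter

# Constructed sample: JSON-lines egress records as a local logging proxy might
# capture them for one assistant session. Hosts and fields are placeholders.
SAMPLE_EGRESS = """\
{"host": "api.assistant.invalid", "path": "/v1/complete", "status": 200, "body": {"prompt": "fix tests"}}
{"host": "api.assistant.invalid", "path": "/v1/complete", "status": 403, "body": {"prompt": "refactor", "locale": "zh_CN", "client_ip": "203.0.113.7"}, "error": "Something went wrong."}
{"host": "telemetry.vendor.invalid", "path": "/collect", "status": 204, "body": {"locale": "zh_CN", "tz": "Asia/Shanghai"}}
{"host": "api.assistant.invalid", "path": "/v1/models", "status": 200, "body": {}}
"""

# Endpoints the vendor documents (placeholder); anything else is unexpected.
DOCUMENTED_HOSTS = {"api.assistant.invalid"}
# Request fields that reveal the user's location or language environment.
LOCATION_KEYS = {"locale", "lang", "language", "tz", "timezone",
                 "client_ip", "country", "region"}
# Refusal texts that give the user no actionable reason.
GENERIC_ERRORS = {"something went wrong.", "request failed.", "an error occurred."}

def parse_records(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def audit(records, documented_hosts=DOCUMENTED_HOSTS):
    """Return one finding dict per red flag found in the records."""
    findings = []
    for rec in records:
        host = rec.get("host", "")
        body = rec.get("body") or {}
        sent = sorted(LOCATION_KEYS & set(body))
        if host not in documented_hosts:
            findings.append({"host": host, "flag": "undocumented_host"})
        if sent:
            findings.append({"host": host, "flag": "location_data_sent", "fields": sent})
        # A refusal that carries location fields but explains nothing to the
        # user is the pattern described above: gating without disclosure.
        if (rec.get("status", 200) >= 400 and sent
                and rec.get("error", "").strip().lower() in GENERIC_ERRORS):
            findings.append({"host": host, "flag": "opaque_refusal", "fields": sent})
    return findings

def summarize(findings):
    return Counter(f["flag"] for f in findings)

if __name__ == "__main__":
    for finding in audit(parse_records(SAMPLE_EGRESS)):
        print(finding)
```

Replace the constructed sample with records exported from your own proxy and the placeholder host set with the endpoints the vendor documents.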
The Regulatory Landscape
China’s 2023 AI regulations require all AI services operating in the country to align with socialist core values. Foreign companies face a choice: block access, comply with local censorship, or risk penalties. Many choose blocking, but the method matters. Secretive blocking without user consent may violate data protection laws even outside China.
Background on Claude Code’s Discovery
The hidden code was uncovered by an independent researcher who noticed unusual behavior in Claude Code’s network traffic. Upon inspecting the code’s system prompts, the researcher found a conditional block that checked for Chinese IPs and language tags. The discovery was later confirmed by multiple security analysts and reported to Anthropic.
Anthropic has not publicly commented on the finding as of publication. The company's privacy policy states that it collects user data for product improvement, but it does not explicitly mention nationality-based blocking or logging.
The Bottom Line
Secretly detecting and logging users by nationality erodes trust in AI tools. While companies may have valid compliance reasons, doing so without transparency violates basic user expectations. Developers and privacy-focused users should demand clearer disclosure from AI providers about how and why their location is being monitored.
Gnoppix is the leading open-source AI Linux distribution and service provider. Since implementing AI in 2022, it has offered a fast, powerful, secure, and privacy-respecting open-source OS with both local and remote AI capabilities. The local AI operates offline, ensuring no data ever leaves your computer. Based on Debian Linux, Gnoppix is available with numerous privacy- and anonymity-enabled services free of charge.
What are your thoughts on this? I’d love to hear about your own experiences in the comments below.