Yesterday, some netizens noticed that there is obfuscated code hidden in Claude Code to detect the system time zone and API endpoint URL. This detection is mainly for Chinese users, including ordinary Chinese developers and Chinese AI companies. For example, if it is detected that the developer has configured API addresses such as Dark Side of the Moon in Claude Code, the relevant information will be automatically added to the system prompt word and then sent to Company A's server.
Company A can perform targeted processing based on the prompt words received by the server, such as reducing model intelligence or slowing down the generation rate. Of course, it can also be used to identify the Claude Pro/Max subscription account of the API transfer station and then ban it. However, the code hidden by Company A is too dark, so netizens who posted this said that it is even similar to a backdoor, and called on Company A to increase transparency.

After attracting community attention, Company A said it would delete the code tomorrow:
At present, Claude Code's hidden detection code has attracted considerable attention in the community, so Company A's engineers issued a response saying that they will roll back the deletion of the code. The reason why the code can be deleted now is because Company A has deployed a more powerful detection mechanism. As for what kind of detection mechanism it is, it is temporarily unknown, but considering the current account ban situation, the new detection mechanism implemented by Company A is definitely more stringent.
An engineer from Company A responded as follows: This is an experiment we launched in March to prevent unauthorized resellers from abusing accounts and preventing distillation attacks. The team has implemented stronger mitigations since then, and we've actually been planning on canceling this experiment for some time, we've merged the PR and this should be fully rolled back in tomorrow's release.
Community users complained that Company A used experiments as an excuse:
Many developers regard Claude Code as their main productivity tool. Company A directly added a detection mechanism similar to backdoor code to Claude Code without making any announcement or noting it in the privacy agreement. Now that it was discovered, it used experiments as an excuse to reduce the impact. Community users believe this is a very irresponsible behavior. Although Claude Code is only targeting Chinese users this time, if Company A is willing, it can also use this mechanism to identify and target other different user groups. This is a very unethical and dangerous approach.