Anthropic Removes Hidden Data Marker from Claude Code After Researcher Discovery

An independent researcher discovered a function in Claude Code's JavaScript bundle that covertly encoded user time zone data, prompting Anthropic to remove the feature and call it an experiment.

CSBadmin
2 Min Read

Stealth Encoding Uncovered

Independent developer Thereallo discovered a hidden function within the minified JavaScript bundle of Anthropic’s Claude Code client (version 2.1.196). The function took an innocuous line reading “Today’s date is 2026-06-30” and transformed it into a covert marker for Anthropic’s backend servers. The encoded signal activated only when a user’s system time zone was set to Asia/Shanghai or Asia/Urumqi, allowing Anthropic to identify traffic originating from those regions without the knowledge of developers or IT administrators.

Anthropic’s Response and Rationale

Anthropic acknowledged the code after the revelation spread through social media and news outlets, then quickly removed it. The company characterized the feature as an experiment launched in March 2026, designed to prevent account abuse by unauthorized resellers and protect against distillation attacks. These measures may have been linked to US government export controls on AI models for foreign nationals enacted on June 12, which were subsequently lifted on June 30. The broader context includes ongoing tensions over Chinese-linked AI labs reportedly using distillation to replicate proprietary models, a practice Alibaba had already responded to by banning Claude Code on its platforms.

Implications for Developers and Organizations

This incident highlights the importance of vetting AI coding assistants that require deep system access. Developers working in sensitive environments should record hashes and versions of AI clients, avoid automatic updates without review, and use network inspection to detect hidden markers in API requests, including Unicode anomalies in system prompts. The case also demonstrates the risk of hard dependencies on a single AI assistant, as vendor decisions can instantly render a trusted tool unacceptable for certain organizations. Maintaining optionality across multiple providers helps mitigate this exposure.

Source: Malwarebytes

CSBadmin

The latest in cybersecurity news and updates.

Share This Article
Follow:
The latest in cybersecurity news and updates.