Technical context
I dug into the details of this story not out of curiosity, but because such things immediately hit trust in AI integration. If a tool with shell access secretly analyzes the environment and modifies prompts, this is no longer minor contentious telemetry.
According to Reuters and binary analysis, this concerns Claude Code version 2.1.91 and above, where a fingerprinting mechanism appeared in April. It checked the timezone, including Asia/Shanghai and Asia/Urumqi, examined the proxy hostname and matched it against a list of approximately 146-147 domains linked to Chinese resellers and AI labs.
The most unpleasant part isn't that the code allegedly "stole files." As far as I can see from available analyses, file access wasn't the goal here. The mechanics were subtler: nearly invisible Unicode characters were injected into system prompts to mark the session and classify the user.
And that's where I froze. For a regular SaaS, this is already slippery, but for a coding agent sitting next to a repository, terminal, and internal services, such stealth looks very bad.
Anthropic explained this as an experiment against account abuse, unauthorized resellers, and model distillation. At the same time, Alibaba declared Claude Code high-risk software and, starting July 10, will transition employees to Qoder from its own Tongyi ecosystem.
Impact on business and automation
For teams, the conclusion is simple: you can't push AI automation into production just because a tool speeds up development. First, transparency of behavior, list of network calls, telemetry policy, and version control, then rollout.
Those who build their AI architecture through proxies, sandboxes, domain allowlists, and internal audit of agent tools will win. Companies where developers install coding agents "somehow locally" and security learns about it from the news will lose.
I constantly see the same problem with clients: business wants speed, but the stack is assembled from black boxes. At Nahornyi AI Lab, we solve this gap through practical AI solution development: we select models, cut risks, establish observability, and only then give the agent access to real processes.
If after this story you've started wondering what AI tools are already sitting in your IDE, CI, or internal chats, it's a good moment to give them a proper review. If needed, I and the Nahornyi AI Lab team can help build safe AI automation without hidden surprises and without slowing down development.