For AI platform and security teams, this episode is a case study in how geopolitical compliance pressure quietly becomes product code: a nationality-detection check meant to satisfy export-control and anti-distillation concerns shipped inside a developer tool with no public disclosure, and it took a Reddit investigation to surface it.
What happened
Reddit users identified a mechanism embedded in Anthropic's Claude Code that detects a user's system timezone and proxy signals and uses them to flag accounts linked to China (Gizmodo). Anthropic engineer Thariq Shihipar responded in a post on X that the check was "an experiment we launched in March that was meant to prevent account abuse from unauthorized resellers and protect against distillation," adding the team had "been meaning to take it down for a while" and that it "should be fully rolled back" in the next release (Gizmodo). The-Decoder reports additional technical detail: the code compares the system timezone to Asia/Shanghai or Asia/Urumqi, scans proxy URLs for Chinese domains and AI labs, and alters date formatting and an apostrophe character as a side effect when triggered. Separately, BBC, Fortune, Forbes and the Wall Street Journal reported that a U.S. Commerce Department emergency export-control directive forced Anthropic to disable foreign-national access to Fable 5 and Mythos 5 in mid-June, an action that followed an Amazon-documented jailbreak that Amazon CEO Andy Jassy raised with White House officials (Fortune).
Timeline
Claude Code version 2.1.91 ships with the undisclosed timezone- and proxy-based flagging mechanism active.
BBC reports that a U.S. Commerce Department export-control directive had forced Anthropic to suspend Fable 5 and Mythos 5 access for foreign nationals.
Anthropic redeploys Fable 5, and Thariq Shihipar confirms the Claude Code flagging mechanism will be rolled back in an upcoming release.
Gizmodo, The Decoder and other outlets report publicly on the flagging mechanism, prompting scrutiny of Anthropic's access-control practices.
Technical context
Screening based on timezone and proxy metadata is a blunt, easily-evaded signal that can misclassify legitimate users while still functioning as covert nationality-based filtering when undisclosed. Because the check shipped silently inside a widely-used coding agent rather than as a documented policy, it surfaced only through community reverse-engineering, not a vendor disclosure.
For practitioners
Teams building or operating agentic coding tools should treat any metadata-based user-screening logic as a disclosure and audit requirement, not an internal implementation detail; undisclosed nationality or region checks carry both compliance risk and reputational exposure once discovered. Export-control obligations (like the Fable 5/Mythos 5 suspension) and product-level anti-abuse logic are increasingly intertwined, so provenance logging and change-log transparency for access-control code are becoming necessary engineering practices, not optional ones.
What to watch
Whether Anthropic publishes a fuller account of the mechanism's history and scope beyond Shihipar's social post, whether other AI vendors face similar scrutiny over undisclosed geo-screening in developer tools, and how the unresolved tension between export-control compliance and covert user profiling plays out as the Fable 5/Mythos 5 dispute continues to shape policy discussion (Forbes).
Editorial analysis
This is part of a broader pattern in which AI vendors, squeezed between export-control enforcement and competitive pressure from Chinese labs, build screening logic into products without disclosing it to users - a shortcut that tends to generate more scrutiny than the underlying compliance problem it was meant to solve.
Key Points
- 1Anthropic is rolling back a hidden Claude Code check that flagged China-linked users via timezone and proxy signals since April 2026.
- 2The mechanism, framed as anti-abuse and anti-distillation tooling, surfaced through Reddit reverse-engineering rather than vendor disclosure.
- 3The episode shows undisclosed geo-screening code and export-control compliance are now intertwined engineering and reputational risks for AI vendors.
Scoring Rationale
A widely-used Anthropic developer tool shipped an undisclosed nationality-screening mechanism that surfaced via community reverse-engineering, layered onto an active US export-control dispute over Fable 5/Mythos 5 access. The combination of product-level covert screening and regulatory entanglement makes this a major, if not industry-shaking, governance and security story for AI practitioners.
Sources
Public references used for this report.
Practice interview problems based on real data
1,625 SQL & Python problems across 15 industry datasets — the exact type of data you work with.
Try 250 free problems

