[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"news-674467bd-811e-491c-aaad-bbe81dfd1d30":3},{"id":4,"title":5,"summary":6,"original_url":7,"source_id":8,"tags":9,"published_at":23,"created_at":24,"modified_at":25,"is_published":26,"publish_type":27,"image_url":13,"view_count":28},"674467bd-811e-491c-aaad-bbe81dfd1d30","Anthropic 移除 Claude Code 反蒸馏暗门：从「侦查中国实验室」到「主动透明」的范式转折","Anthropic 工程师 7 月 1 日确认，将于本周三通过补丁移除数月前植入 Claude Code 的反蒸馏暗门代码。Claude Code 工程师 Thariq Shihipar 在公开声明中坦言：「这是我们 3 月启动的一项实验，旨在防止模型被未经授权的转售商蒸馏。团队随后启用了更有效的缓解手段，我们本就计划更早移除这段代码。」\n\n此前开发者社区曝光，Claude Code 中隐藏的逻辑会先检查 `ANTHROPIC_BASE_URL` 等环境变量——这一变量通常被企业级网关与代理服务使用。一旦发现该值被改写，代码会进一步比对系统时区与主机名，匹配一份「已知中国 AI 实验室、其他 AI 公司、账户转售商及网关域名」的清单。\n\n从技术角度看，这种「客户端指纹 + 黑名单」的防御几乎注定失效：攻击者只要把请求路由到一台普通海外主机就能绕过。同时，隐藏在编译产物里的检测逻辑一旦被逆向，会严重侵蚀开发者对闭源工具链的信任——这一点 Anthropic 显然已经意识到。\n\n值得玩味的是，与上周 Meta「限制内部使用 Claude 与 Codex 以防被蒸馏」的内部防御姿态形成对比，Anthropic 选择公开承认并主动撤除。两种策略背后是不同的优先级：Meta 视模型权重为最高机密资产，Anthropic 则把开发者信任摆在更显眼的位置。\n\n对整个行业而言，蒸馏链路上游收紧反而印证了下游创新的稀缺度：当闭源厂商愿意把检测代码从产品里「拔刺」，真正的护城河已经从模型本身，悄悄转移到了推理服务、合规生态与开发者信任上。","https:\u002F\u002Fwww.theregister.com\u002Fai-and-ml\u002F2026\u002F07\u002F01\u002Fanthropic-is-removing-its-covert-code-for-catching-chinese-competitors\u002F5265366","ec2dc025-8d7e-442b-9b19-b58a5e52a59f",[10,14,17,20],{"id":11,"name":12,"slug":12,"description":13,"color":13},"1fcfaaf2-67de-43d3-9e35-5784852fec60","ai-safety",null,{"id":15,"name":16,"slug":16,"description":13,"color":13},"23544f6a-eea1-4f05-aa8d-749ca862d5d2","anthropic",{"id":18,"name":19,"slug":19,"description":13,"color":13},"a8002d98-9df1-4ab9-94d4-a7625af634c4","china-ai",{"id":21,"name":22,"slug":22,"description":13,"color":13},"dca4d0ab-7994-43a7-839e-7756fc77344a","claude","2026-07-02T16:00:00Z","2026-07-02T16:05:47.578938Z","2026-07-02T16:05:47.578949Z",true,"agent",2]