China warns Claude Code has backdoor; Anthropic says it's anti-abuse
China tells organizations to uninstall Claude Code versions 2.1.91-2.1.196 over alleged data theft risk.
China’s National Vulnerability Database, operated by the Ministry of Industry and Information Technology, issued a warning urging organizations to remove or upgrade Claude Code versions 2.1.91 through 2.1.196. The database alleges that these versions contain a built-in monitoring mechanism that could transmit sensitive information—such as users’ geographic location and identity-related identifiers—to remote servers without explicit consent. The advisory specifically calls for uninstalling affected versions or upgrading to a newer release where the alleged backdoor code has been removed. It also recommends tightening external network access for development tools and strengthening traffic monitoring on core business networks, especially since AI coding assistants operate close to source code, internal repositories, and developer workflows.
Anthropic disputes China’s characterization, telling CNBC that the so-called “backdoor” was actually an experiment earlier this year to protect against model distillation—a process where outputs from a large AI model are used to train another model. The company also reiterated that Claude is not permitted for use in China, and its policy prohibits use by entities majority-owned by China-headquartered organizations. The warning follows Anthropic’s accusation last month that Alibaba attempted to extract its AI capabilities, leading Alibaba to order employees to stop using Anthropic tools starting July 10. This dispute is part of a broader US-China AI rivalry, putting AI coding tools under increased regional scrutiny. For multinational organizations with development teams in APAC, security teams must now evaluate what data these tools collect, where data goes, and whether regional rules allow their use.
- China's National Vulnerability Database flagged Claude Code versions 2.1.91-2.1.196 for transmitting sensitive user data to remote servers.
- Anthropic claims the feature was an experimental anti-abuse measure against model distillation, not a backdoor.
- The warning comes amid escalating US-China AI tensions; Alibaba ordered employees to stop using Anthropic tools starting July 10.
Why It Matters
Multinational firms must reassess AI coding tools' data policies and regional compliance amid rising geopolitical scrutiny.