China’s National Vulnerability Database (NVDB), which operates under the Ministry of Industry and Information Technology (MIIT), has issued a cybersecurity alert claiming that several versions of Anthropic’s Claude Code AI coding assistant contain a security “backdoor” capable of transmitting sensitive user information to remote servers without authorization. The warning marks a new escalation in the growing technology and AI rivalry between China and the United States, with Chinese authorities urging organizations to immediately review affected systems and upgrade to newer software versions.

According to the NVDB, the alleged vulnerability affects Claude Code versions 2.1.91 through 2.1.196. The agency claims the software includes a built-in mechanism that could collect and transmit information such as users’ geographic location, identity-related data, and other system details to Anthropic’s servers without explicit user consent. Chinese authorities described the issue as posing a “serious security threat” and advised organizations to either uninstall the affected versions or update to a newer release.

What China’s Security Alert Says

The cybersecurity advisory alleges that the affected Claude Code versions contain functionality capable of automatically sending sensitive information outside a user’s system.

Alert DetailsInformation
Issuing AuthorityChina’s National Vulnerability Database (NVDB)
Supervising AgencyMinistry of Industry and Information Technology (MIIT)
SoftwareAnthropic Claude Code
Affected Versions2.1.91 to 2.1.196
Recommended ActionUpgrade or uninstall affected versions

The NVDB also recommended that organizations strengthen network traffic monitoring to detect any potential unauthorized transmission of sensitive information.

Anthropic Responds to the Allegations

Anthropic has disputed the characterization of the feature as a “backdoor.”

According to Claude Code engineer Thariq Shihipar, the mechanism was introduced as a temporary experiment designed to combat unauthorized account reselling and AI model distillation—the practice of using outputs from one AI model to train another competing model.

Shihipar stated that the company had already developed stronger anti-abuse measures and had planned to remove the experimental tracking mechanism. He added that the feature would be rolled back in a subsequent software update.

Why Anthropic Added the Monitoring Mechanism

Anthropic says the disputed code was intended to address misuse of its products rather than monitor legitimate users.

PurposeExplanation
Prevent account abuseDetect unauthorized resellers
Protect AI modelsReduce model distillation attempts
Temporary experimentIntroduced in March 2026
Planned removalCompany says feature was already being rolled back

Anthropic has previously accused several Chinese AI companies of attempting to access Claude through fraudulent accounts to reproduce its capabilities, making protection against unauthorized usage a growing priority.

Part of a Broader AI Dispute

The controversy comes amid increasing tensions between U.S. AI developers and Chinese technology companies.

Anthropic does not officially provide Claude services in mainland China, but developers have reportedly continued accessing the platform through VPNs and third-party resellers. Meanwhile, Chinese authorities have intensified scrutiny of foreign AI products, particularly those that handle sensitive user or enterprise data.

The warning also follows reports that Alibaba instructed employees to stop using Claude Code internally over security concerns, adding another layer to the ongoing dispute between Chinese technology firms and Anthropic.

Security Implications for Developers

StakeholderPotential Impact
DevelopersMay need to update affected Claude Code versions
EnterprisesIncreased review of AI coding tools
AI companiesGreater scrutiny over telemetry and data collection
RegulatorsStronger oversight of foreign AI software

The incident highlights growing concerns around how AI-powered developer tools collect telemetry, authenticate users, and protect intellectual property while maintaining transparency about what information is transmitted.

What It Means for the AI Industry

China’s warning against Claude Code reflects the increasingly complex intersection of cybersecurity, artificial intelligence, and geopolitics. While Chinese regulators describe the disputed functionality as a serious security backdoor, Anthropic maintains that it was a temporary anti-abuse mechanism designed to prevent unauthorized access and AI model theft.

Regardless of how the feature is ultimately classified, the episode is likely to increase global scrutiny of AI coding assistants and the telemetry they collect. As enterprises adopt AI-powered developer tools at a rapid pace, transparency around data collection, user privacy, and security mechanisms is expected to become an increasingly important differentiator for AI software providers.

Get the day’s top stories in your inbox

One concise email. No spam, unsubscribe anytime.