China’s National Vulnerability Database (NVDB), which operates under the Ministry of Industry and Information Technology (MIIT), has issued a cybersecurity alert claiming that several versions of Anthropic’s Claude Code AI coding assistant contain a security “backdoor” capable of transmitting sensitive user information to remote servers without authorization. The warning marks a new escalation in the growing technology and AI rivalry between China and the United States, with Chinese authorities urging organizations to immediately review affected systems and upgrade to newer software versions.
According to the NVDB, the alleged vulnerability affects Claude Code versions 2.1.91 through 2.1.196. The agency claims the software includes a built-in mechanism that could collect and transmit information such as users’ geographic location, identity-related data, and other system details to Anthropic’s servers without explicit user consent. Chinese authorities described the issue as posing a “serious security threat” and advised organizations to either uninstall the affected versions or update to a newer release.
What China’s Security Alert Says
The cybersecurity advisory alleges that the affected Claude Code versions contain functionality capable of automatically sending sensitive information outside a user’s system.
| Alert Details | Information |
|---|---|
| Issuing Authority | China’s National Vulnerability Database (NVDB) |
| Supervising Agency | Ministry of Industry and Information Technology (MIIT) |
| Software | Anthropic Claude Code |
| Affected Versions | 2.1.91 to 2.1.196 |
| Recommended Action | Upgrade or uninstall affected versions |
The NVDB also recommended that organizations strengthen network traffic monitoring to detect any potential unauthorized transmission of sensitive information.
Anthropic Responds to the Allegations
Anthropic has disputed the characterization of the feature as a “backdoor.”
According to Claude Code engineer Thariq Shihipar, the mechanism was introduced as a temporary experiment designed to combat unauthorized account reselling and AI model distillation—the practice of using outputs from one AI model to train another competing model.
Shihipar stated that the company had already developed stronger anti-abuse measures and had planned to remove the experimental tracking mechanism. He added that the feature would be rolled back in a subsequent software update.
Why Anthropic Added the Monitoring Mechanism
Anthropic says the disputed code was intended to address misuse of its products rather than monitor legitimate users.
| Purpose | Explanation |
|---|---|
| Prevent account abuse | Detect unauthorized resellers |
| Protect AI models | Reduce model distillation attempts |
| Temporary experiment | Introduced in March 2026 |
| Planned removal | Company says feature was already being rolled back |
Anthropic has previously accused several Chinese AI companies of attempting to access Claude through fraudulent accounts to reproduce its capabilities, making protection against unauthorized usage a growing priority.
Part of a Broader AI Dispute
The controversy comes amid increasing tensions between U.S. AI developers and Chinese technology companies.
Anthropic does not officially provide Claude services in mainland China, but developers have reportedly continued accessing the platform through VPNs and third-party resellers. Meanwhile, Chinese authorities have intensified scrutiny of foreign AI products, particularly those that handle sensitive user or enterprise data.
The warning also follows reports that Alibaba instructed employees to stop using Claude Code internally over security concerns, adding another layer to the ongoing dispute between Chinese technology firms and Anthropic.
Security Implications for Developers
| Stakeholder | Potential Impact |
|---|---|
| Developers | May need to update affected Claude Code versions |
| Enterprises | Increased review of AI coding tools |
| AI companies | Greater scrutiny over telemetry and data collection |
| Regulators | Stronger oversight of foreign AI software |
The incident highlights growing concerns around how AI-powered developer tools collect telemetry, authenticate users, and protect intellectual property while maintaining transparency about what information is transmitted.
What It Means for the AI Industry
China’s warning against Claude Code reflects the increasingly complex intersection of cybersecurity, artificial intelligence, and geopolitics. While Chinese regulators describe the disputed functionality as a serious security backdoor, Anthropic maintains that it was a temporary anti-abuse mechanism designed to prevent unauthorized access and AI model theft.
Regardless of how the feature is ultimately classified, the episode is likely to increase global scrutiny of AI coding assistants and the telemetry they collect. As enterprises adopt AI-powered developer tools at a rapid pace, transparency around data collection, user privacy, and security mechanisms is expected to become an increasingly important differentiator for AI software providers.
Get the day’s top stories in your inbox
One concise email. No spam, unsubscribe anytime.