China Warns of AI Security Risks Linked to Anthropic’s Claude Code

China’s industry ministry issued a formal cybersecurity warning against a US AI company’s flagship coding tool on Wednesday. The move marks the latest escalation in a dispute between Anthropic and Chinese tech firms.

The warning was published through the Ministry of Industry and Information Technology’s National Vulnerability Database (NVDB).

It claims certain versions of Anthropic’s Claude Code contain a security backdoor. According to the notice, the feature could quietly send user data to remote servers.

What China’s Cybersecurity Platform Actually Alleges

According to the NVDB’s statement, posted in Chinese and reported by CNBC and Reuters, Claude Code contains a built-in monitoring mechanism that can transmit sensitive information, including a user’s geographic location and identity-related identifiers, to remote servers without consent.

The warning names specific affected versions, 2.1.91 through 2.1.196, which correspond to releases Anthropic shipped between April 2 and June 29 according to its own public changelog.

The agency advised organizations and individual users to inspect any development systems running those versions. It also recommended uninstalling the affected releases or upgrading to a newer version immediately.

In addition, officials urged businesses to strengthen external network access controls. They also recommended monitoring traffic around development tools running inside core business networks.

Anthropic’s current release as of Wednesday is version 2.1.204. The company did not immediately respond to CNBC’s request for comment on the allegations.

The Bigger Fight This Warning Sits Inside

The timing here matters more than the technical claim on its own. Anthropic accused Chinese company Alibaba last month of running a campaign to extract Anthropic’s AI capabilities through distillation, despite Anthropic’s models not being officially available inside China.

Alibaba didn’t respond to that accusation at the time. Then, according to a South China Morning Post report from earlier this month, Alibaba banned its own employees from using Claude Code starting July 10, after an internal security evaluation reportedly added the tool to a list of high-risk software over what it also described as backdoor concerns, directing staff toward Qoder, Alibaba’s own coding assistant, instead.

Some reports citing company insiders suggest the directive extends beyond Claude Code to other Anthropic products, including the Sonnet, Opus, and Fable model families.

Alibaba and security researchers have also claimed the tool could detect whether a user was based in China or affiliated with a Chinese AI lab. However, these allegations have not been independently verified.

Anthropic has not publicly addressed those specific claims. As a result, the technical details behind the accusations remain unclear.

It’s also worth noting that Anthropic does not officially offer its services in mainland China. That makes the “backdoor” narrative more difficult to verify from the outside.

Any location or identity signals collected by the software could also relate to existing eligibility checks rather than a hidden surveillance feature. Neither government agencies nor Alibaba have released enough technical evidence to settle the question publicly.

Regardless of the underlying mechanism, the dispute appears to reflect a broader geopolitical conflict rather than an isolated cybersecurity disclosure.

Anthropic has accused a Chinese company of stealing its technology. In response, Chinese authorities have restricted the same technology over alleged surveillance concerns.

China’s industry ministry has now elevated the issue to the national level. Although the immediate impact may be limited because Claude Code is not officially licensed in China, the episode highlights how AI development tools are becoming part of the wider U.S.-China technology rivalry.

Source: Official China National Vulnerability Database (CNNVD/NVDB) security advisory on Anthropic's Claude Code vulnerability.

Pradeepa Sakthivel
Pradeepa Sakthivel
Articles: 66

Leave a Reply

Your email address will not be published. Required fields are marked *