China's Ministry of Industry and Information Technology warned Wednesday that Anthropic's Claude Code AI coding tool contains a security backdoor vulnerability that poses a serious threat to organizations and individuals using the software.
According to the National Vulnerability Database, the tool harbors a mechanism that covertly routes sensitive data — among it geographic location and identity-linked identifiers — to outside servers, all without notifying or obtaining permission from the user. The warning covers Claude Code versions 2.1.91 through 2.1.196, which correspond to releases from April 2 through June 29, according to CNBC.
Remediation guidance from the database included removing affected installations entirely or moving to the most recent version of the software, from which the disputed code has been stripped out. The database further recommended that organizations audit how their development tools connect to external networks and improve visibility into traffic flowing through critical internal systems.
Anthropic said the mechanism described as a backdoor was an experimental anti-abuse measure it ran earlier this year, intended to prevent unauthorized resellers and protect against model distillation. The company also noted that access to Claude and Claude Code is not permitted in China, making the users being warned to uninstall the software unauthorized to begin with.
The government alert came on the heels of a Wall Street Journal report noting that a Reddit $RDDT thread the previous week had raised accusations that Anthropic embedded functionality in the tool specifically designed to flag users operating from Chinese networks. An Anthropic employee subsequently said on X $TWTR that the code was part of an experiment launched in March.
The development sits within a broader confrontation between Anthropic and Chinese technology companies. Alibaba told employees to stop using Claude Code starting July 10, citing the backdoor risk. Anthropic has accused Alibaba of conducting what it described as a large-scale distillation attack on its models, alleging that entities affiliated with the Chinese company used roughly 25,000 fraudulent accounts to run nearly 28.8 million exchanges with its models over approximately six weeks. Alibaba has not publicly responded to those accusations.
Neither government has created a pathway for Anthropic to operate in China — Beijing has withheld approval, and Anthropic itself has cut off access on national-security grounds. Even so, the Journal reported that Claude Code has cultivated a substantial user base among Chinese engineers and researchers, many of whom reach the platform through foreign proxy services, frequently at their employers' expense.
