China Flags Claude Code Security Risk as Anthropic Faces Fresh AI Trust Scrutiny

· · Views: 2,218 · 3 min time to read

China has issued a cybersecurity warning over Anthropic’s Claude Code, escalating scrutiny of the U.S. company’s AI coding tool after officials said certain versions may contain a serious “backdoor” risk that could transmit sensitive user information.

China’s Vulnerability Database Issues Warning

The warning came from China’s National Vulnerability Database, or NVDB.

Reuters reported that the NVDB posted on its WeChat account that Claude Code contains a built-in monitoring mechanism capable of transmitting sensitive information to remote servers without users’ consent.

The advisory names specific affected versions. The warning applies to Claude Code versions 2.1.91 through 2.1.196.

CNBC’s views the issue as a “backdoor security threat” reflects the same concern that the tool may expose sensitive information through hidden or unwanted monitoring behavior.

Users Told to Uninstall or Upgrade

Chinese authorities urged immediate action from users and organizations. NVDB advised organizations and users to review affected systems immediately and either uninstall the impacted versions or upgrade to the latest secure release where the alleged backdoor code has been removed.

The Wall Street Journal also reported that the Chinese agency advised users to uninstall or update Claude Code after identifying the alleged security vulnerabilities.

The advisory also called for stronger network defenses. NVDB urged organizations to tighten controls on external network access for development tools and strengthen traffic monitoring on core business networks to prevent the unauthorized transfer of sensitive data.

Alibaba Ban Adds Corporate Pressure

The warning follows a separate move by Alibaba. Alibaba has banned employees from using Claude Code at work after the tool drew scrutiny for features that can help identify China-linked users.

The dispute reflects a wider split between U.S. AI companies and Chinese developers.

The Wall Street Journal reported that Claude Code remains popular among Chinese developers even though Anthropic has restricted access in China, with some users relying on overseas proxies.

Anthropic Has Yet to Respond Publicly

Anthropic has not publicly answered the latest Chinese advisory. Anthropic did not immediately reply to a request for comment about China’s Claude Code security alert. Anthropic had not formally responded to China’s claims, though the company had previously limited access to its software in China, citing national security concerns.

The company had previously faced questions over China-linked user detection. A Reddit post last week accused Anthropic of embedding code to track Chinese users, while an Anthropic employee said the mechanism was part of an experimental measure to prevent abuse and model distillation.

AI Coding Tools Become a Security Flashpoint

The warning shows how AI coding tools are becoming part of the broader technology rivalry between China and the United States. Claude Code is not just a chatbot. It is a developer tool that can operate inside coding environments, making any alleged monitoring mechanism especially sensitive for companies handling intellectual property, source code or internal infrastructure.

For China, the warning strengthens the case for tighter controls over foreign AI tools used in domestic companies. For Anthropic, it adds another trust challenge around how the company enforces access restrictions without creating fears of surveillance. The bigger issue is clear: as AI tools move deeper into software development, users will not only ask how well they code, but also what they can see, collect and send back.

Share
f 𝕏 in
Copied