China warns of “security backdoor” in Anthropic AI coding tool
Beijing — Chinese regulators issued a warning to users on Wednesday about a potential security threat in the coding tool Claude Code, developed by U.S. artificial intelligence company Anthropic. The National Vulnerability Database (NVDB) in China raised concerns about a “security backdoor” in the software that could allow sensitive information, such as user locations and identity-related data, to be transmitted back to Anthropic’s servers without consent.
Claude Code is an AI coding agent that assists in generating computer code, debugging software, and reviewing code based on user inputs. Despite Anthropic blocking users and companies from China and other adversarial nations, access to their products can still be obtained in China through VPN or third-party proxy services.
The NVDB, affiliated with China’s Ministry of Industry and Information Technology, stated on its website that they had identified security risks in Claude Code, posing a significant threat. Anthropic has not yet responded to requests for comment on these allegations, which were initially reported in tech media last week.
The NVDB recommended that organizations and users conduct a thorough check of the software and either uninstall it or upgrade to the latest secure version that eliminates the backdoor code. They also advised strengthening network traffic monitoring to prevent unauthorized data leakage.
Alibaba, a major Chinese tech company, reportedly informed its employees last week that the use of Claude Code would be prohibited starting July 10 due to security worries. Anthropic has previously accused Alibaba of reverse-engineering their AI models in a practice called “distillation.”
In response to reports about data tracking from Chinese users, Claude Code engineer Thariq Shihipar explained in a recent post that the tracking was part of an experiment launched in March to prevent account abuse and protect against distillation. Shihipar assured users that stronger measures had been implemented and that the tracking feature would be removed in the upcoming release.



