China’s cybersecurity authorities have raised concerns over the security of Anthropic’s AI-powered coding assistant, Claude Code, alleging that certain versions of the software contain a “security backdoor” capable of transmitting sensitive user information without consent.
The warning was issued on Wednesday by China’s National Vulnerability Database (NVDB), a cybersecurity platform affiliated with the Ministry of Industry and Information Technology. The regulator urged organizations and users to immediately review their systems and remove or update affected versions of the software.
Regulator Alleges Unauthorized Data Transmission
According to the NVDB, the alleged security flaw could allow Claude Code to transmit sensitive information—including users’ geographic location and device- or identity-related identifiers—to Anthropic’s servers without explicit user authorization.
Claude Code is an AI coding assistant designed to help developers generate code, debug software and review programming projects using natural language prompts.
The cybersecurity authority described the issue as posing a “severe threat” and advised organizations to strengthen network traffic monitoring to guard against unauthorized data leakage. It also recommended upgrading to the latest software version, which it said removes the disputed code.
Anthropic Yet to Respond Officially
Anthropic, the San Francisco-based AI startup behind Claude Code, had not responded to media requests for comment at the time of publication. The allegations first surfaced in specialist technology media before being highlighted by Chinese regulators.
Although Anthropic officially restricts access to its products in China and other countries it classifies as adversarial, users in China have continued to access its AI tools through virtual private networks (VPNs) and third-party proxy services.
Alibaba Bans Claude Code Internally
Amid the growing scrutiny, Chinese technology giant Alibaba has reportedly instructed employees to stop using Claude Code beginning July 10, citing security concerns, according to people familiar with the matter.
The development comes against the backdrop of increasing tensions between Anthropic and Chinese technology firms. Earlier this year, Anthropic accused Alibaba of using a technique known as “distillation” to reverse-engineer its AI models and replicate their capabilities.
Responding to reports circulating on social media, Claude Code engineer Thariq Shihipar acknowledged that the software had included an experimental mechanism introduced in March. According to Shihipar, the feature was designed to detect account abuse by unauthorized resellers and prevent model distillation rather than collect user data for other purposes.
He added that the company had since implemented stronger safeguards and was already planning to remove the experimental code. The rollback, he said, was expected to be completed in the tool’s next software release.
The episode underscores the growing geopolitical and cybersecurity tensions surrounding AI software, particularly as governments intensify scrutiny over how advanced AI tools collect, process and transmit user data across borders.
Also Read :- US Lifts Export Restrictions on Anthropic’s Advanced AI Models Fable and Mythos


