03
China warns of a "backdoor" in Anthropic's Claude Code
incrementalDeveloperLegal
Wednesday, July 8, 2026
Confidence
Medium · — Chinese regulator primary + 3 corroborating; underlying technical evidence not disclosed and Anthropic has not responded.
Evidence
NVDB advisory + Reuters + CNBC
Beijing's National Vulnerability Database issued a named advisory Wednesday alleging Claude Code silently exfiltrates user location and identity data — the first state-level security callout against a US coding agent, days before Alibaba's internal ban takes effect.
- The Chinese Ministry of Industry and Information Technology said Wednesday its cybersecurity threat platform found "AI coding tool Claude Code contains a security back-door vulnerability that poses a serious threat."
- The affected versions are Claude Code 2.1.91 through 2.1.196; the NVDB advised organizations and users to conduct an immediate inspection and either uninstall or upgrade to the latest secure version that has removed the backdoor code.
- Alibaba told employees last week that use of Claude Code would be banned starting July 10 due to security concerns; Anthropic has previously accused Alibaba of reverse-engineering its AI models to mimic their abilities in a process known as "distillation." Source: WSJ.
Sources