China Warns of Security Backdoor in Anthropic's Claude Code AI Tool
China Warns of Backdoor in Anthropic's Claude Code

China's National Vulnerability Database (NVDB), operated by the Ministry of Industry and Information Technology, issued a warning on Wednesday about a serious security backdoor in Anthropic's AI coding tool, Claude Code. The tool, developed by US-based Anthropic, is an AI agent that can generate, debug, and review code based on user prompts.

Monitoring Mechanism Transmits Sensitive Data

In a statement posted on its WeChat account, the NVDB said Claude Code contains a built-in monitoring mechanism that can transmit sensitive information—including users' geographic location and identity-related identifiers—to remote servers without user consent. The warning applies to Claude Code versions 2.1.91 through 2.1.196, according to the state-operated cybersecurity platform.

Recommended Actions

The NVDB advised organizations and users in China to immediately review affected systems and either uninstall the impacted versions or upgrade to the latest secure release, where the alleged backdoor code has been removed. It also urged organizations to tighten controls on external network access for development tools and strengthen traffic monitoring on core business networks to prevent unauthorized transfer of sensitive data.

Wide Pickt banner — collaborative shopping lists app for Telegram, phone mockup with grocery list

Alibaba Bans Claude Code

China's Alibaba had banned employees from using Claude Code at work after the tool drew scrutiny for features enabling it to identify China-linked users, Reuters reported last week. Anthropic did not reply to a Reuters request for comment.

Pickt after-article banner — collaborative shopping lists app with family illustration