China issues national ‘backdoor’ alert over Claude Code

TL;DR:

  • A cybersecurity platform run by China’s industry ministry has warned that Anthropic’s Claude Code contains a “backdoor” risk.
  • It says affected versions can transmit users’ location and identity data to remote servers without consent, and urges organisations to uninstall or upgrade.
  • Anthropic says the mechanism is an experimental anti-abuse feature, and that Claude is not permitted for use in China.

China’s National Vulnerability Database has issued a formal security alert over Anthropic’s AI coding tool, Claude Code, warning that it contains a built-in monitoring mechanism capable of transmitting sensitive information, including users’ geographic location and identity-related identifiers, to remote servers without consent. The warning, posted on the platform’s WeChat account, covers Claude Code versions 2.1.91 through 2.1.196 and advises organisations to uninstall the affected releases or upgrade to a version in which the alleged code has been removed.

From a corporate ban to a state warning

The alert marks a clear escalation. A week ago the dispute was a single company’s internal policy: Alibaba banned staff from using Claude Code after the tool drew scrutiny over features that can help identify China-linked users. It has now become a government-level advisory, with the vulnerability database also urging organisations to tighten controls on external network access for development tools and to strengthen traffic monitoring on core business networks. Anthropic has pushed back, characterising what China describes as a “backdoor” as an experimental anti-abuse mechanism, and noting that access to Claude is not permitted in China in the first place.

Looking forward

For UK and European businesses, the episode is less about the specific dispute than what it signals: AI development tools are becoming instruments of geopolitical friction, and the provenance of a coding assistant, what it monitors and where that data flows, is now a procurement question rather than a technical footnote. It also sits alongside Beijing’s separate move to curb overseas access to China’s own top AI models, evidence of a hardening, reciprocal split in the global AI supply chain. Expect enterprise buyers everywhere to start asking sharper questions about telemetry and data residency before they let any frontier tool touch their codebase.