Key Takeaways
- Chinese National Vulnerability Database identified security concerns in Claude Code releases spanning versions 2.1.91 to 2.1.196
- Authorities claim the software transmitted user location and identifying information to Anthropic’s infrastructure without explicit user authorization
- Chinese cybersecurity officials recommended immediate removal of compromised versions or prompt updates to newer releases
- Tech giant Alibaba prohibited employee use of Claude Code effective July 10 due to identical security vulnerabilities
- Anthropic’s Thariq Shihipar acknowledged the data collection was part of an anti-abuse testing initiative and confirmed remediation was in progress
A Chinese government cybersecurity agency has issued an alert concerning a potential “security backdoor” within Anthropic’s AI-powered coding assistant Claude Code, recommending immediate removal or version updates for affected users.
The National Vulnerability Database (NVDB), operating under China’s Ministry of Industry and Information Technology, published the security advisory on July 8 through its official WeChat channel.
According to the NVDB, the vulnerability impacts Claude Code versions ranging from 2.1.91 to 2.1.196. The agency alleges these releases captured users’ geographical positioning data and personal identification details, subsequently transmitting this information to external servers without obtaining proper user authorization.
The cybersecurity body characterized the vulnerability as a “critical security risk” and advised affected organizations to initiate comprehensive system audits immediately.
Chinese Tech Giant Restricts Internal Use
Prior to the NVDB’s public announcement, Alibaba, one of China’s leading technology corporations, had already implemented internal restrictions on the tool. The company informed its workforce in recent days that Claude Code usage would be prohibited for business purposes beginning July 10, instructing employees to transition to Qoder, Alibaba’s proprietary coding assistance platform.
Alibaba’s decision was driven by the identical security vulnerabilities later highlighted by the NVDB.
This development further complicates the already contentious relationship between Alibaba and Anthropic. The AI company has previously alleged that Alibaba and additional Chinese technology firms employ “distillation” methods — a process where compact AI models are trained using outputs from more sophisticated systems — to replicate its proprietary model capabilities.
Company Engineer Addresses Concerns
Anthropic has yet to release an official statement regarding China’s security warning.
Nevertheless, Thariq Shihipar, an engineer working on Claude Code at Anthropic, commented on the matter via X following initial coverage in specialized technology publications last week.
Shihipar explained that the data collection functionality was implemented as part of a trial program initiated in March. The purpose was to combat account misuse by unauthorized third-party resellers and to defend against model distillation attempts.
“The team has landed stronger mitigations since then and we’ve actually been meaning to take this down for a while,” Shihipar stated. He indicated that complete removal of the feature would be incorporated in the upcoming software release.
Anthropic maintains access restrictions preventing users and entities in China and other nations it deems adversarial from utilizing its products. Nonetheless, numerous Chinese software developers continue accessing Claude Code through virtual private network services and international proxy infrastructure.
The NVDB additionally suggested that organizations strengthen restrictions on external network connectivity and enhance network traffic surveillance to block unauthorized data transmissions.
At publication time, Anthropic had not provided responses to media inquiries regarding the NVDB’s specific claims.



