China exposes security backdoor in Anthropic’s Claude Code

- China’s National Vulnerability Database warned that Anthropic’s Claude Code, in versions 2.1.91 through 2.1.196, has a built-in mechanism that steals data.
- It allegedly sends users’ region and identity data to remote servers without consent.
- Chinese developers have been advised to uninstall or upgrade their coding assistants.
China’s National Vulnerability Database (NVDB) has instructed developers to uninstall or upgrade specific versions of Anthropic’s coding assistant, Claude Code.
Claude Code was flagged as a security risk following allegations that the tool sends user data to remote servers without consent.
Is using Claude Code dangerous?
Anthropic’s coding assistant Claude Code has had its versions 2.1.91 through 2.1.196 flagged as a security risk by China’s National Vulnerability Database (NVDB), days after Alibaba reportedly barred staff from using the same software.
Claude Code allegedly contains a monitoring mechanism that is built into its system. This mechanism can automatically transmit sensitive data, including a user’s region and identity identifiers, to remote servers.
The NVDB, which sits under China’s Ministry of Industry and Information Technology (MIIT), did not share the details on how it identified the alleged backdoor. Anthropic has yet to publicly respond to the specific claim.
Chinese organizations have been advised to disconnect the affected versions from development machines, move to fixed versions of the coding assistant, and closely monitor any coding tools that are connected outside a company’s core network.
Why did China flag Claude Code now?
The NVDB warning follows a period of increased tension between Anthropic and Chinese AI developers.
In February, Anthropic stated that it does not sell commercial access to Claude in China for national security reasons, and that Chinese labs, including DeepSeek, Moonshot, and MiniMax had used fraudulent accounts and proxy services to reach its models anyway.
U.S. chips and Apple software have also been accused of having “backdoors” built into them, while Anthropic has argued that models copied from American systems could have their safety features removed and then be used for surveillance.
If you're reading this, you’re already ahead. Stay there with our newsletter.
FAQs
Which versions of Claude Code did China flag?
The NVDB named Claude Code versions 2.1.91 through 2.1.196 and advised affected users to uninstall them or upgrade to a secure release, according to the agency's statement.
What did China accuse Claude Code of doing?
The NVDB said the tool has a built-in monitoring mechanism that can send sensitive information, including a user's region and identity identifiers, to remote servers without the user's consent, which it called a serious security risk.
Why did Alibaba stop its employees from using Claude Code?
Alibaba banned staff from using Claude Code at work after the tool drew attention for features that can help identify China-linked users.

Hannah Collymore
Hannah is a writer and editor with nearly a decade of blog writing and event reporting experience in the crypto space. At Cryptopolitan, Hannah contributes to the news page, reporting and analyzing the latest developments in DeFi, RWA, crypto regulation, AI and frontier tech industries. She graduated from Arcadia university with a degree in Business Administration.
















