China is telling organizations to remove certain versions of Anthropic’s Claude Code. The warning claims the AI coding assistant has a security “backdoor” that could send sensitive user information to remote servers without consent.
The alert puts a spotlight on a growing problem for companies with developers in China and across APAC. AI coding assistants can help teams move faster, but they also sit close to source code, internal systems, and company data. As a result, security teams may need to review approved tools, network access, telemetry, and vendor risk, especially when regional rules and geopolitical restrictions are involved.
China flags affected Claude Code versions
Reuters reported that China’s National Vulnerability Database, a cybersecurity platform operated by the Ministry of Industry and Information Technology, said Claude Code versions 2.1.91 to 2.1.196 contained a built-in monitoring mechanism capable of transmitting sensitive information to remote servers.
The database said the information could include users’ geographic location and identity-related identifiers. It advised organizations and users to uninstall the affected versions or upgrade to a newer release in which the alleged backdoor code had been removed.
The Chinese warning also urged organizations to tighten external network access for development tools and strengthen traffic monitoring on core business networks. The guidance is especially relevant for AI coding assistants, which often sit close to source code, internal repositories, and developer workflows.
Anthropic says the feature was anti-abuse protection
Anthropic disputed China’s characterization of the issue. CNBC noted that Anthropic said the alleged “backdoor” was an experiment earlier this year to protect against model distillation, a process in which outputs from a large AI model can be used to train another model.
The company also said Claude was not permitted for use in China. According to CNBC, Anthropic’s policy prohibits use by entities majority-owned by China-headquartered organizations.
The dispute follows Anthropic’s accusation last month that Alibaba attempted to extract its AI capabilities, according to CNBC. Alibaba did not comment on the accusation at the time, and CNBC reported that the company has ordered employees to stop using Anthropic tools for work starting July 10.
The timing makes the warning more than a narrow software telemetry issue. It sits inside a wider US-China AI dispute involving access restrictions, model protection, and the use of foreign AI tools in corporate environments.
More must-read AI coverage
- SS&C Intralinks DealCentre AI vs. Datasite: Which platform is built for the future of dealmaking?
- SS&C Intralinks FundCentre AI vs. Juniper Square: Which platform better supports modern private markets fund managers?
- Why Data, Not Models, Determines AI Success
- The Rise of the AI-Native Factory: How Physical AI Is Transforming Manufacturing
AI coding tools face more regional scrutiny
For multinational organizations with development teams in China or across APAC, the Claude Code warning points to a practical governance problem.
AI coding assistants cannot be reviewed only as productivity tools. Security teams may also need to evaluate what data the tools collect, where that data goes, and whether regional rules allow employees to use them.
The South China Morning Post reported that Anthropic said users in China were never authorized to use Claude Code. The outlet also said that security experts expect Chinese companies to treat AI suppliers as strategic supply chain providers, not just software vendors.
A single global AI tool policy may not be enough for teams working across different markets. Organizations may need region-specific rules for approved coding assistants, telemetry controls, network access, and vendor risk reviews.
The tradeoff is speed versus control. Developers may want the same AI tools across all markets, but companies with APAC engineering teams may need tighter regional rules for approved AI assistants.
Also read: Chinese AI models are attracting interest from some companies due to lower costs, but the tools can raise questions about data security, hosting, and vendor risk.