China Warns of Claude Code ‘Backdoor’ Security Risk

China Warns of Claude Code ‘Backdoor’ Security Risk

China Warns of Claude Code ‘Backdoor’ Security Risk

China’s Claude Code warning raises new questions about AI coding tools and software security. Image generated via Google’s Nano Banana

China warned organizations to remove certain Claude Code versions over alleged backdoor risks, while Anthropic called the feature anti-abuse protection.

Écrit par
Kezia Jungco
Kezia Jungco
Jul 9, 2026

China is telling organizations to remove certain versions of Anthropic’s Claude Code. The warning claims the AI coding assistant has a security “backdoor” that could send sensitive user information to remote servers without consent.

The alert puts a spotlight on a growing problem for companies with developers in China and across APAC. AI coding assistants can help teams move faster, but they also sit close to source code, internal systems, and company data. As a result, security teams may need to review approved tools, network access, telemetry, and vendor risk, especially when regional rules and geopolitical restrictions are involved.

China flags affected Claude Code versions

Reuters reported that China’s National Vulnerability Database, a cybersecurity platform operated by the Ministry of Industry and Information Technology, said Claude Code versions 2.1.91 to 2.1.196 contained a built-in monitoring mechanism capable of transmitting sensitive information to remote servers.

The database said the information could include users’ geographic location and identity-related identifiers. It advised organizations and users to uninstall the affected versions or upgrade to a newer release in which the alleged backdoor code had been removed.

The Chinese warning also urged organizations to tighten external network access for development tools and strengthen traffic monitoring on core business networks. The guidance is especially relevant for AI coding assistants, which often sit close to source code, internal repositories, and developer workflows.

Anthropic says the feature was anti-abuse protection

Anthropic disputed China’s characterization of the issue. CNBC noted that Anthropic said the alleged “backdoor” was an experiment earlier this year to protect against model distillation, a process in which outputs from a large AI model can be used to train another model.

The company also said Claude was not permitted for use in China. According to CNBC, Anthropic’s policy prohibits use by entities majority-owned by China-headquartered organizations.

The dispute follows Anthropic’s accusation last month that Alibaba attempted to extract its AI capabilities, according to CNBC. Alibaba did not comment on the accusation at the time, and CNBC reported that the company has ordered employees to stop using Anthropic tools for work starting July 10.

The timing makes the warning more than a narrow software telemetry issue. It sits inside a wider US-China AI dispute involving access restrictions, model protection, and the use of foreign AI tools in corporate environments.

Advertisement

More must-read AI coverage

AI coding tools face more regional scrutiny

For multinational organizations with development teams in China or across APAC, the Claude Code warning points to a practical governance problem.

AI coding assistants cannot be reviewed only as productivity tools. Security teams may also need to evaluate what data the tools collect, where that data goes, and whether regional rules allow employees to use them.

The South China Morning Post reported that Anthropic said users in China were never authorized to use Claude Code. The outlet also said that security experts expect Chinese companies to treat AI suppliers as strategic supply chain providers, not just software vendors.

A single global AI tool policy may not be enough for teams working across different markets. Organizations may need region-specific rules for approved coding assistants, telemetry controls, network access, and vendor risk reviews.

The tradeoff is speed versus control. Developers may want the same AI tools across all markets, but companies with APAC engineering teams may need tighter regional rules for approved AI assistants.

Also read: Chinese AI models are attracting interest from some companies due to lower costs, but the tools can raise questions about data security, hosting, and vendor risk.

Kezia Jungco

Kezia Jungco is a technology writer and researcher specializing in artificial intelligence, data analytics, CRM software, cloud infrastructure, cybersecurity, and emerging business technologies. With more than five years of experience evaluating software platforms and technology solutions, she helps business leaders understand the tools and trends shaping the future of work. Kezia has extensive hands-on experience testing and analyzing generative AI platforms, chatbots, natural language processing (NLP) tools, CRM systems, and business software. Her work focuses on translating complex technologies into practical insights that help organizations make informed decisions about technology adoption, operational efficiency, and digital transformation. As a staff writer for TechnologyAdvice, Kezia covers AI innovation, business applications of machine learning, data-driven technologies, cloud computing, cybersecurity, and sales technology. Her background in journalism, research, and education enables her to combine rigorous analysis with clear, accessible reporting for both enterprise and consumer audiences. Kezia holds a bachelor's degree in Development Communication with a major in Development Journalism from the University of the Philippines Los Baños. She has also completed professional training in artificial intelligence, data privacy, and information security. Her work has been featured in TechnologyAdvice, TechRepublic, eWeek, Datamation, and Selling Signals, where she helps readers navigate a rapidly evolving technology landscape with practical, research-driven guidance.