China Flags Security Backdoor in Anthropic's Claude Code AI Tool
Beijing's cybersecurity agency warns the autonomous coding assistant sends user data to remote servers without consent, escalating U.S.-China AI tensions.
China's Ministry of Industry and Information Technology issued a security warning Wednesday about Anthropic's Claude Code AI tool, claiming the autonomous coding assistant contains a backdoor vulnerability that transmits sensitive user information to remote servers without consent.
The cybersecurity alert targets specific versions of Claude Code released between April 2 and June 29, covering releases 2.1.91 through 2.1.196. According to the ministry's statement, the tool can collect and send user location data and identity information without authorization. Chinese authorities are advising users to either uninstall the affected versions or upgrade to newer releases.
Escalating Tech Tensions
The warning arrives amid heightened friction between Washington and Beijing over artificial intelligence capabilities. Last month, Anthropic accused Chinese e-commerce giant Alibaba of attempting to extract its AI technology, which remains officially unavailable in mainland China. Alibaba declined to comment on those allegations at the time.
Despite official restrictions, Chinese developers have found workarounds to access U.S.-based AI tools. In March, a Xiaomi AI developer publicly acknowledged at a state-organized forum that many Chinese technologists were actively using Claude Code for development work.
The security concerns have prompted corporate action. CNBC confirmed Monday that Alibaba has instructed its employees to discontinue use of Anthropic tools for work purposes effective July 10, just days before the ministry's formal warning.
Technical Details and Response
Anthropic's website indicates the company has continued releasing updates beyond the flagged versions, with version 2.1.204 available as of Wednesday. The San Francisco-based AI company had not responded to requests for comment on the Chinese government's security claims at the time of the ministry's announcement.
The autonomous coding capabilities that make Claude Code attractive to developers—its ability to write, review, and modify code with minimal human intervention—also create potential vectors for data collection if security vulnerabilities exist in the software's architecture.
Why It Matters
This incident illustrates how AI tools are becoming flashpoints in U.S.-China technology competition. When American AI companies restrict access to China while Chinese developers seek those capabilities anyway, governments on both sides gain leverage to raise security concerns—whether technically justified or strategically motivated. For enterprises operating across both markets, the episode underscores the compliance risks of using AI tools not officially sanctioned in their operating jurisdictions, even when those tools offer significant productivity advantages.
The security warning was first reported by CNBC, which confirmed Alibaba's internal directive to employees regarding Anthropic tools.
This is an original analysis by the Omega editorial team. Source reporting: AI Watch.
Want systems like this working for your business?
Book a Call
