
China’s National Vulnerability Database (CNVDB) has issued an urgent warning claiming that specific versions of Anthropic’s Claude Code AI coding tool contain “security backdoor vulnerabilities” that can transmit sensitive user data to remote servers without consent.
The state-run body said the alert applies to Claude Code versions 2.1.91 (released April 2) through 2.1.196 (released June 29). It urged companies and individual developers to immediately uninstall those versions or upgrade to the latest secure release.
The CNVDB alleged that a built-in monitoring mechanism in those versions can collect users’ location data and identity-related identifiers and forward them to remote servers. It recommended that organizations “strengthen the control of external access permissions and traffic monitoring of development tools within core business network segments.”
Context and tensions
The warning is the latest escalation in souring relations between Anthropic and Chinese technology entities. In late June, Anthropic publicly accused Chinese tech giant Alibaba of illicitly extracting Claude’s outputs to improve its own AI models, describing it in a letter to two U.S. senators as the largest attack on its AI the company had ever seen. Shortly afterward, Alibaba banned its employees from using Claude Code altogether.
The backdoor allegations also follow revelations that Anthropic had embedded covert code, a steganography system, in Claude Code to detect model distillation by competitors. Claude Code engineer Thariq Shihipar confirmed the system existed and said “stronger mitigations” had since been implemented, with the secret code removed in version 2.1.198 (released July 1). When asked whether the monitoring mechanism referenced by China was the same system disclosed in its terms of service, Anthropic did not directly answer the question.
Broader implications
The CNVDB warning carries significant weight in China’s technology sector. State-run warnings about foreign software can trigger rapid enterprise adoption of domestic alternatives. For foreign AI companies operating in or selling into China, the incident underscores how data localization concerns and national security rhetoric increasingly shape the regulatory environment for AI developer tools.
Anthropic had not publicly commented on the specifics of the CNVDB’s backdoor allegations at the time of publication.
Sources: The Register (July 8); China Daily (July 8)

