China Flags Alleged Backdoor in Anthropic’s Claude Code, Citing Data Transmission Risks

Published
Written by:
Lore Apostol
Lore Apostol
Cybersecurity Writer
Key Takeaways
  • Backdoor Warning: China's National Vulnerability Database flagged an alleged "backdoor" in Claude Code versions 2.1.91 through 2.1.196.
  • Data Transmission: The mechanism was said to send users' geographic location and identity-related identifiers to remote servers without consent.
  • Vendor response: Anthropic said the code was an experimental anti-abuse feature and reiterated that Claude is not available in China.

National Vulnerability Database (NVDB), a cybersecurity platform operated by China's Ministry of Industry and Information Technology, warned on Wednesday that it had identified a serious security "backdoor" risk in U.S.-based Anthropic's AI coding tool, Claude Code.

National Vulnerability Database Flags Claude Code Risk

In a statement, the NVDB said Claude Code contains a built-in monitoring mechanism that can transmit sensitive information, including users' geographic locations and identity-related identifiers, to remote servers without user consent, CNBC has reported

The warning applies specifically to Claude Code versions 2.1.91 through 2.1.196, which check whether a proxy is enabled and for possible AI Lab connections. The database described the functionality as a security risk and urged organizations to assess whether the affected versions are deployed in their environments.

The database advised that organizations and users should immediately review affected systems and either uninstall the impacted versions or upgrade to the latest secure release, in which the alleged backdoor has been removed.

Anthropic Response

Anthropic disputed the characterization of the mechanism as a backdoor, stating that the functionality was an experimental anti-abuse and anti-distillation measure designed to protect its services. The company announced in a 2025 post that Claude is not available in China “due to legal, regulatory, and security risks.

The warning follows Alibaba’s ban on employee use of Claude Code at work last week after the tool drew scrutiny for features that could help identify China-linked users. Late last month, Anthropic accused Chinese company Alibaba and its AI lab, Alibaba Qwen, of attempting to extract its AI capabilities in a distillation attack. 

On June 12, the Commerce Department imposed restrictions on Anthropic's latest Mythos and Fable AI models, citing fears they could be deployed by military intelligence users in China and other countries of concern. 


For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: