The Sheffield Press

Technology

China warns Anthropic Claude Code has serious backdoor risk

By Andrea Vigano ·
China warns Anthropic Claude Code has serious backdoor risk

China’s industry ministry has flagged Anthropic’s Claude Code as a serious security risk, warning that the AI coding tool contains a backdoor that could send sensitive information to remote servers without users’ consent. The National Vulnerability Database, a cybersecurity platform run by the Ministry of Industry and Information Technology, said the alert covers Claude Code versions 2.1.91 through 2.1.196 and told organizations to review affected systems immediately, uninstall the impacted releases or move to a secure version.

The warning lands in a product category where the stakes are unusually high. Claude Code is built for software development workflows, giving it access to source code, credentials and internal systems, which means any hidden monitoring or data transfer mechanism could expose an organization well beyond a normal consumer app. NVDB also urged tighter controls on outside network access and stronger traffic monitoring on core business systems to prevent unauthorized transfers of sensitive data.

AI-generated illustration
AI-generated illustration

The move comes after Alibaba barred employees from using Claude Code at work, a restriction Reuters reported on July 3 that was set to take effect on July 10. That ban followed scrutiny over features that can help identify China-linked users, sharpening concern inside China about where developer data goes and who can see it. Anthropic had not immediately responded to the request for comment.

The episode has quickly become more than a product security dispute. It sits inside a wider contest between the United States and China over who gets to define AI trust, software risk and the standards that multinational firms must meet before they can deploy enterprise tools across borders. Beijing has been increasingly sensitive to software and cloud products that can reveal location, identity or development activity, while U.S. AI companies are under pressure to prove their systems are safe enough for corporate environments around the world.

Related photo
Source: rappler.com

For developers and multinational companies, the immediate question is whether Claude Code can be trusted in environments that handle proprietary code, internal credentials and cross-border data flows. If Chinese regulators and major employers treat the tool as a security liability, the fallout could extend beyond one vendor and make enterprise adoption of American AI coding tools harder to justify in China and in other markets watching Beijing’s response.

technologyChinaAnthropic Claude Code