TLDR China’s National Vulnerability Database flagged a backdoor risk in Claude Code versions 2.1.91 through 2.1.196 The alleged backdoor could transmit users’ locationTLDR China’s National Vulnerability Database flagged a backdoor risk in Claude Code versions 2.1.91 through 2.1.196 The alleged backdoor could transmit users’ location

China Says Anthropic’s Coding Tool Was Secretly Sending Your Data — Here’s What We Know

2026/07/08 20:47
3 min read
For feedback or concerns regarding this content, please contact us at crypto.news@mexc.com

TLDR

  • China’s National Vulnerability Database flagged a backdoor risk in Claude Code versions 2.1.91 through 2.1.196
  • The alleged backdoor could transmit users’ location and identity data to Anthropic’s servers without consent
  • China’s NVDB urged organizations to uninstall affected versions or upgrade immediately
  • Alibaba banned employees from using Claude Code starting July 10 over the same security concerns
  • Anthropic engineer Thariq Shihipar confirmed the data tracking was an anti-abuse experiment, saying a fix was already being rolled out

China’s government-backed cybersecurity body has flagged a “security backdoor” in Anthropic’s AI coding tool Claude Code, urging users to uninstall it or update to the latest version.

The National Vulnerability Database (NVDB), which is linked to China’s Ministry of Industry and Information Technology, posted the warning on July 8 via its WeChat account.

China Says Anthropic’s Coding Tool Was Secretly Sending Your Data — Here’s What We Know

The NVDB said affected versions run from Claude Code 2.1.91 through 2.1.196. It claimed these versions could collect users’ geographic locations and identity-related data, then send that information to remote servers without user consent.

The agency called the issue a “severe threat” and told organizations to conduct a full system review right away.

Alibaba Bans Claude Code for Employees

Before the NVDB went public, Chinese tech giant Alibaba had already moved to restrict the tool internally. The company told employees last week that Claude Code would be banned for work use starting July 10, directing staff to use its own in-house coding assistant, Qoder, instead.

Alibaba cited the same backdoor security concerns flagged by the NVDB.

This adds another layer to the already strained relationship between Alibaba and Anthropic. Anthropic has previously accused Alibaba and other Chinese firms of using a technique called “distillation” — training smaller AI models on the outputs of more advanced ones — to copy its models’ capabilities.

Anthropic Engineer Responds

Anthropic has not issued a formal public response to China’s warning.

However, Claude Code engineer Thariq Shihipar addressed the issue on X last week after reports first surfaced in specialist tech media.

Shihipar said the data tracking was part of an experiment launched in March. The goal was to prevent account abuse from unauthorized resellers and to protect against model distillation.

Anthropic blocks users and companies in China and other countries it considers adversarial from accessing its products. Despite this, many Chinese developers continue to use Claude Code through VPN services and overseas proxy servers.

The NVDB also recommended that organizations tighten controls on external network access and increase traffic monitoring to prevent unauthorized data transfers.

As of the time of reporting, Anthropic had not responded to media requests for comment on the NVDB’s specific allegations.

The post China Says Anthropic’s Coding Tool Was Secretly Sending Your Data — Here’s What We Know appeared first on CoinCentral.

World Cup Combo: Aim for 200x

World Cup Combo: Aim for 200xWorld Cup Combo: Aim for 200x

Combine up to 20 World Cup matches in one order

Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact crypto.news@mexc.com for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.

$5M in SPCX Positions for Free

$5M in SPCX Positions for Free$5M in SPCX Positions for Free

0 fees, 100x leverage, daily prizes, 7K+ stocks/ETFs