
Anthropic’s AI coding assistant, Claude Code, is facing increased regulatory scrutiny after Chinese authorities issued a cybersecurity warning alleging that certain versions of the software contain what they describe as a “backdoor” capable of transmitting user-related information to Anthropic’s servers without users’ knowledge.
The warning, issued on July 8 through China’s National Vulnerability Database (NVDB), which operates under the Ministry of Industry and Information Technology, marks one of the most significant regulatory actions taken against a foreign AI coding tool to date.
The advisory alleges that affected versions of Claude Code contain a hidden mechanism that could collect information such as users’ geographic indicators, time zones and identity-related metadata before transmitting that data to remote servers.
Chinese authorities described the issue as posing a serious cybersecurity risk and urged organizations to immediately inspect their systems, remove affected versions or upgrade to newer releases where the code has reportedly been removed. For more information on the advisory, readers can refer to the Reuters report on China’s cybersecurity warning.
The allegations have intensified an already strained relationship between Anthropic and Chinese technology companies.
According to reports, Chinese technology giant Alibaba has instructed employees to stop using Claude Code, citing security concerns surrounding the alleged monitoring mechanism. Employees have reportedly been directed to use Alibaba’s own AI coding platform instead. Reuters reported that the internal ban forms part of a broader dispute between the two companies as competition in artificial intelligence continues to intensify.
Anthropic has rejected the characterization of the feature as a backdoor. The company says the code was introduced as a temporary anti-abuse measure rather than a surveillance mechanism.
According to statements attributed to Claude Code engineer Thariq Shihipar, the feature was launched in March to help identify unauthorized resellers and limit efforts to extract or reproduce Claude’s capabilities through model distillation.
Anthropic also noted that Claude Code has never been officially authorized for use in China because of existing access restrictions, and said the experimental mechanism has since been removed from newer releases.
The dispute unfolds against a backdrop of growing competition between the United States and China over artificial intelligence. Earlier this year, Anthropic accused several Chinese AI developers of attempting to reproduce Claude’s capabilities through a process known as model distillation.
The company alleged that fake accounts were used to generate large volumes of interactions with Claude in an effort to train competing AI systems. Reuters reported that Anthropic described the activity as an attempt to illicitly extract its model capabilities, allegations that further deepened tensions between the companies.
Despite Anthropic’s restrictions on access from China, Claude Code has remained popular among some developers in the country through the use of virtual private networks and proxy services.
Anthropic says the disputed detection mechanism was designed to identify unauthorized access rather than collect user data for surveillance purposes. Chinese regulators, however, argue that any undisclosed transmission of user-related information constitutes a significant security concern requiring immediate action.
The controversy highlights the growing importance of transparency in AI development tools. As coding assistants become more deeply integrated into software development workflows, regulators are increasingly examining how these applications collect, process and transmit data.
Questions surrounding telemetry, cross-border data transfers and software supply-chain security are becoming central issues for organizations adopting AI-powered development tools.
China’s advisory also reflects a broader trend of governments taking a closer look at foreign-developed AI technologies operating within their jurisdictions. Rather than focusing solely on the capabilities of AI models, regulators are expanding their attention to how these tools interact with user systems, what information they collect and whether those practices comply with national cybersecurity and privacy requirements.
For businesses and software development teams, the episode serves as a reminder to evaluate AI tools beyond their productivity benefits. Security experts generally recommend keeping development software updated, understanding what telemetry is collected, monitoring outbound network activity where appropriate and ensuring that AI tools comply with applicable organizational and regulatory requirements.
Organizations can also consult guidance from the Open Worldwide Application Security Project (OWASP) on secure software development practices and the U.S. National Institute of Standards and Technology (NIST) for cybersecurity frameworks relevant to software supply-chain security.
While the allegations have attracted significant attention, no public consensus has emerged supporting China’s claim that Claude Code contains a malicious backdoor.
Chinese regulators continue to describe the disputed functionality as a serious security vulnerability, while Anthropic maintains that it was a temporary anti-abuse feature that has already been removed.
Discover more from Aree Blog
Subscribe now to keep reading and get access to the full archive.


