China issues 'backdoor' security alert over Anthropic's Claude Code
Alibaba had already banned the AI coding tool for employees over alleged security concerns.

Image by Cybernews.
- China's National Vulnerability Database warned that Anthropic's Claude Code contains a backdoor that transmits user location and identity data without consent.
- The alert affects Claude Code versions 2.1.91 through 2.1.196, with China urging immediate uninstall or upgrade to secure versions.
- China's Alibaba has already banned employees from using Claude Code, directing them to use the company's own Qoder platform instead.
Key Takeaways by nexos.ai, reviewed by Cybernews staff.
A cybersecurity platform operated by China's industry ministry warned that it had identified a serious security "backdoor" risk in Anthropic's AI coding tool, Claude Code.
China's National Vulnerability Database (NVDB) is warning of security backdoor vulnerabilities in the AI coding tool Claude Code.
The NVDB is a national cyber-security repository operated by the Ministry of Industry and Information Technology (MIIT).
In a statement posted on its WeChat account, the NVDB said Claude Code contains a built-in monitoring mechanism capable of transmitting sensitive information, including users' geographic location and identity-related identifiers. It could remote servers without users' consent.
Stay updated with our latest stories and follow us on social media
Be the first to discover new stories, ideas, and updates from our team.
The warning applies to the Anthropics’ Claude Code versions 2.1.91 through 2.1.196.
NVDB advised that organizations and users should immediately review affected systems and either uninstall the impacted versions or upgrade to the latest secure release in which the alleged backdoor code has been removed.
It also urged organizations to tighten controls on external network access for development tools and strengthen traffic monitoring on core business networks to prevent the unauthorized transfer of sensitive data.
Check if your data has been leaked
Last week, Cybernews reported that China's Alibaba has banned employees from using Claude Code at work. The tool drew scrutiny for features that according to Reuters could help identify China-linked users.
Instead, employees were told to use the company's own coding platform Qoder.
Anthropic did not immediately reply to a Reuters request for comment.