China's National Vulnerability Database (NVDB) issued a warning on Wednesday about a 'security backdoor' in versions of Anthropic's AI coding tool, Claude Code. The regulator claimed the tool could transmit sensitive user data, including locations and identity details, to Anthropic's servers without consent. The affected versions range from 2.1.91 to 2.1.196, released between April 2 and June 29. The NVDB urged users to uninstall or upgrade to the latest version, 2.1.204, and strengthen network monitoring.
Chinese tech giant Alibaba banned Claude Code for employees starting July 10, citing security concerns. This follows Anthropic's earlier accusation that Alibaba reverse-engineered its AI models. Claude Code engineer Thariq Shihipar responded to reports of data tracking in a post on X.
Anthropic has not officially commented on the allegations. The tool is blocked in China but remains accessible via VPNs or proxies.