U.S. Has Repeatedly Issued Warnings About Chinese AI. Now Beijing Is Doing The Same
China has issued a security warning against U.S. artificial intelligence startup Anthropic’s Claude Code, claiming certain versions of the popular AI programming assistant contain a “backdoor” capable of transmitting sensitive user information without permission.
The warning was issued Wednesday by China’s Ministry of Industry and Information Technology (MIIT) through its National Vulnerability Database (NVDB), which said it had identified what it described as a serious security vulnerability in Claude Code versions 2.1.91 through 2.1.196.
According to the agency, the software contains a built-in monitoring mechanism that could send users’ geographic location and identity-related information to remote servers without their consent.
Chinese authorities urged organizations and developers using the affected versions to immediately uninstall the software or upgrade to the latest release. Anthropic’s website lists Claude Code version 2.1.204 as the current version, indicating the flagged versions were released between April 2 and June 29.
The cybersecurity platform also recommended that businesses strengthen controls over development tools connected to external networks and increase monitoring of outbound traffic to reduce the risk of sensitive data leaving corporate systems.
The warning comes amid growing tensions over access to advanced AI technologies. Last month, Anthropic accused Chinese technology giant Alibaba of attempting to extract or “distill” the capabilities of its AI models, an allegation the Chinese company did not publicly address at the time. Distillation refers to training a smaller AI model using the outputs of a more advanced system.
Although Anthropic officially blocks access to its products in China, developers and researchers have continued to use Claude through overseas cloud services, virtual private networks and other workarounds. The company’s coding assistant has developed a strong reputation among software engineers for its ability to work on code, making it especially attractive despite access restrictions.
The dispute intensified further after Chinese media and multiple reports confirmed that Alibaba instructed employees to stop using Anthropic’s AI tools for work beginning July 10. According to reports, the company classified Claude Code as high-risk software and encouraged employees to use its own AI coding platform instead.
The controversy surrounding Claude Code also follows reports that independent developers discovered hidden code designed to detect users potentially operating from China or connected to Chinese AI laboratories.
Anthropic later acknowledged the feature, with an employee saying it had been introduced as an “experiment” intended “to prevent account abuse from unauthorized resellers and protect against distillation.”
Hi, this is an experiment we launched in March that was meant to prevent account abuse from unauthorized resellers and protect against distillation.
The team has landed stronger mitigations since then and we’ve actually been meaning to take this down for a while. We merged the…
— Thariq (@trq212) June 30, 2026
Those revelations fueled criticism from some developers, who argued that undisclosed telemetry inside software with access to source code was essentially spyware regardless of purported intent. Anthropic has maintained that protecting its frontier AI models from unauthorized replication is a priority as global competition accelerates.