Thursday, July 9, 2026

News

China Warns of Backdoor in Claude Code, Anthropic Admits to Location Tracking

PolicyPatryk Raba

China's industry ministry warned of a security vulnerability in Anthropic's Claude Code, and Anthropic confirmed that hidden code tracked users' locations, explaining it as an experiment against illegal model distillation.

Contents
  1. What Anthropic admitted
  2. Alibaba responds, tensions escalate
  3. Why it matters for businesses using AI

China's Ministry of Industry and Information Technology has announced that its cyber threat detection platform found a serious security vulnerability, described as a backdoor, in Anthropic's Claude Code developer tool. According to the ministry, the tool could send sensitive data, including a user's location and identity, to a remote server without consent.

The case has a longer backstory. In June, Anthropic sent a letter to the US Senate Banking Committee accusing Alibaba of what it called illegally extracting the capabilities of its models, in the largest known distillation attack against the company. Days later, security researchers published evidence on Reddit and GitHub showing that Claude Code contained a hidden mechanism that checked whether a user was located in China or affiliated with a Chinese AI lab.

What Anthropic admitted

Anthropic spokesperson Thariq Shihipar described the hidden code as an experiment launched in March 2026, intended to prevent account abuse by unauthorized resellers and to guard against model distillation. He also acknowledged that the team had been planning to retire the mechanism for some time and has since strengthened other safeguards.

This was an experiment we ran in March to prevent account abuse by unauthorized resellers and protect against distillation. The team has since rolled out stronger safeguards, and we had been planning to retire this mechanism for a while - Thariq Shihipar, Anthropic

Alibaba responds, tensions escalate

Alibaba, having classified Claude Code as high-risk software, has instructed employees to switch to its own tool, Qoder, starting July 10, 2026. This is a direct response to Anthropic's distillation accusations, but it also signals that Chinese tech companies are increasingly treating American AI tools as a threat to corporate data security, not merely a business risk.

The official MIIT warning issued on July 8 elevates the dispute to the state level. What was previously a conflict between two tech companies is now formally acknowledged by the Chinese government, which is recommending that users uninstall or update the tool. This is one of the first instances of a major country's regulator issuing an official security warning targeting a specific tool from a US AI lab.

Why it matters for businesses using AI

The case shows how thin the line is between protecting a model's intellectual property and surveilling users. Anthropic defends itself by arguing the mechanism was meant to protect the company from unauthorized copying of its models' capabilities, but the fact that the code tracked location and identity without users' knowledge raises questions about transparency standards in AI-powered developer tools, well beyond China.

For companies using Claude Code, including in Poland and Europe, the case is a warning sign. It is worth checking whether the version in use falls within the 2.1.91-2.1.196 range flagged by Chinese authorities, and following Anthropic's further statements on removing the disputed mechanism from the code.

The conflict fits into the broader context of US-China technological rivalry in AI, where accusations of model distillation, export restrictions, and security checks on developer tools are becoming part of the everyday geopolitical game, not just corporate legal disputes.

Sources: CNBC (cnbc.com), CBS News (cbsnews.com), South China Morning Post (scmp.com), Cybernews (cybernews.com)

Share: