News
China's Regulator Formally Warns Against Anthropic's Claude Code
China's National Vulnerability Database, run by the Ministry of Industry and Information Technology, has issued a formal warning about a backdoor risk in Anthropic's Claude Code, covering versions 2.1.91 through 2.1.196. It marks an escalation of a dispute that had already led Alibaba to ban the tool for its own employees a week earlier.
The dispute over Claude Code has escalated to the state level. The National Vulnerability Database (NVDB), a cybersecurity platform run by China's Ministry of Industry and Information Technology, issued a formal warning on July 8 about a serious backdoor risk in Anthropic's coding tool. It is the first official government response to an affair that had already prompted Alibaba, a week earlier, to ban Claude Code for its own employees.
The affair began in late June, when a Reddit user decompiled Claude Code and found an obfuscated piece of code present since version 2.1.91, released April 2, that was never mentioned in the release notes. The code checked whether the system's time zone matched Shanghai or Urumqi, then compared the proxy server address against a hardcoded list of Chinese domains and AI lab names, including Alibaba, Baidu, Ant Group and ByteDance.
What Investigators Found
The discovery immediately drew a wave of criticism in China's tech community, since Claude Code is widely used by development teams in the region despite formal restrictions on access to Anthropic's services in China. The company explained that the mechanism was not an attempt at surveillance but part of an internal experiment meant to prevent abuse.
It was an experiment launched in March meant to prevent account abuse by unauthorized resellers and protect against model distillation - Thariq Shihipar, engineer on Anthropic's Claude Code team
Shihipar added on X that the team had long planned to remove this piece of code, and the corresponding pull request was merged on July 1. That explanation did not, however, reassure Chinese companies or regulators, for whom the key fact remains that the mechanism operated for three months without being disclosed in the documentation.
Escalation With Beijing
Alibaba was the first to act, adding Claude Code to its internal list of high-risk software and ordering employees to switch to the Chinese tool Qoder starting July 10. In an internal notice, the company stated outright that the tool had recently revealed a backdoor risk. Tensions between Alibaba and Anthropic had already been building, ever since Anthropic accused the Chinese company of distilling its models' capabilities on an industrial scale.
The NVDB warning carries different weight than a single company's decision. It is an official regulatory notice from a state platform under the Ministry of Industry, addressed to all organizations and individual users in China who use foreign development tools. The platform asked companies to immediately review their systems and remove or update versions covered by the warning.
Anthropic's Response and What's Next
Anthropic did not respond to Reuters' request for comment on the NVDB warning. The company already has a limited presence in China, where its services are formally unavailable, but Claude Code reached Chinese developers through third-party providers and proxy servers, making it one of the more popular foreign coding tools in the country despite the restrictions.
The case is a reminder of how easily a single undocumented piece of code can turn into a diplomatic and regulatory dispute between the world's two biggest AI powers. For companies using Claude Code outside China, the practical risk is limited, since Anthropic removed the mechanism a week before the warning was issued, but the episode undermines trust in the transparency of agentic tool providers more broadly.
For Polish companies and development teams using Claude Code, the episode is above all a lesson in the importance of reviewing changes to agentic tools that have broad access to code, repositories and company data. More and more organizations are introducing internal audit procedures for such tools before they reach production environments, and the Claude Code case could accelerate similar practices outside China as well.
Sources: China issues backdoor security alert over Anthropic's Claude Code (wtvbam.com), Alibaba bans staff from using Claude Code over Anthropic spyware concerns (scmp.com), China warns about AI risks with Anthropic's Claude Code (cnbc.com)


