News
China Warns of 'Backdoor' in Claude Code, Anthropic Defends Experiment
China's Ministry of Industry and Information Technology announced that the Claude Code development tool was sending user data without consent. Anthropic admits it was an experiment meant to protect the model from being copied by competitors, including Alibaba.
China's National Vulnerability Database, operated under the Ministry of Industry and Information Technology, announced on July 8 that the Claude Code coding assistant contained a mechanism allowing user data to be sent to remote servers without consent. Anthropic confirmed that such a mechanism did exist, but described it as an experiment intended to protect the model from unauthorized copying, not as malicious behavior.
According to the Chinese regulator, the disputed mechanism collected users' location and identifying data and transmitted it to Anthropic's servers without notifying the users themselves. The National Vulnerability Database classified it as a backdoor-class security flaw, meaning an access mechanism hidden from the end user. The recommendation was unambiguous: companies and institutions using the affected versions should uninstall them or update to the latest release.
Anthropic's Response
Anthropic did not deny the mechanism existed, but offered a different account of its purpose. According to the company, it was meant to guard against distillation, the practice in which a competing firm uses a model's outputs to train its own, cheaper system based on someone else's research work. Checking users' location and identity was meant to help catch unauthorized resellers who were reselling access to Claude Code in circumvention of licensing and geographic restrictions.
This was an experiment launched in March meant to prevent abuse by unauthorized resellers and protect against distillation - Thariq Shihipar, Anthropic engineer
Shihipar said the team has since rolled out more effective safeguards and plans to remove the disputed mechanism entirely in the tool's next release. Anthropic declined to give an official comment to the AFP news agency, however, leaving some questions unanswered, including exactly how the data was used and whether it went solely to internal systems or also to external partners.
Rivalry With Alibaba
The case erupted against the backdrop of a growing dispute between Anthropic and China's Alibaba Group. A month earlier, Anthropic had accused Alibaba of trying to extract its model's capabilities through distillation, even though Claude is not officially available in China. Alibaba responded by banning its employees from using Claude Code starting July 10 and directing them instead to its own Qoder coding platform, developed in-house as a Chinese counterpart to American coding tools.
Anthropic's usage policies have long barred access to Claude for entities majority-owned by China-based companies. In practice, though, access to the tool is often still possible via VPNs and proxy servers, which complicates enforcement of those restrictions and explains why Anthropic was monitoring user location in the first place.
What It Means for Developers
For Claude Code users outside China, the episode is mainly a reputational and practical matter: it shows that AI coding tools can contain telemetry mechanisms operating without explicit consent, even when the creator's intent was to fight abuse rather than to spy on users. Companies running Claude Code in environments with strict data security policies should check whether they are using a version in the 2.1.91 to 2.1.196 range and consider updating to the latest release, in which Anthropic says it will remove the disputed mechanism.
The case also fits into the broader US-China technological rivalry for dominance in artificial intelligence. American companies, including Anthropic and OpenAI, are increasingly deploying mechanisms that block Chinese entities from accessing their newest models, citing export restrictions and intellectual property protection. Beijing, for its part, is using its own regulatory bodies to publicly question the security of American tools, further fueling trade tensions around AI.
For Polish development teams using Claude Code, the episode is a reminder to keep an eye on AI tool changelogs and to treat such tools like any other third-party software with access to code repositories, meaning proper permission controls and network traffic monitoring, regardless of what the vendor claims.
Sources: CBS News (cbsnews.com), Cybernews (cybernews.com), CNBC (cnbc.com), South China Morning Post (scmp.com), TechRepublic (techrepublic.com)


