SOURCE / ECONOMY
China issues warning over backdoor security risks in Anthropic’s AI coding tool Claude Code
Published: Jul 08, 2026 03:12 PM
A screenshot of the website of China's National Vulnerability Database

A screenshot of the website of China's National Vulnerability Database



China's National Vulnerability Database (NVDB), a national cyber-security repository operated by the Ministry of Industry and Information Technology (MIIT), released a statement on Wednesday warning of security backdoor vulnerabilities in the AI coding tool Claude Code.

Recently, the NVDB detected a security backdoor vulnerability in Claude Code, an AI programming tool developed by the US-based Anthropic, which poses serious security risks, the statement said.

Claude Code is an AI programming tool developed by Anthropic, and it can autonomously complete tasks such as code writing and repairing based on user instructions.

Due to its built-in monitoring mechanism, the tool may transmit sensitive information, including the user's region and identity identifiers, to remote servers without the user's consent. According to the statement, the affected versions are Claude Code 2.1.91 through 2.1.196.

Also, the NVDB advised relevant organizations and users in China to conduct an immediate and comprehensive inspection.

Development terminals with the affected versions installed are suggested to uninstall them immediately or upgrade to the latest secure version that has removed the backdoor code. 

In addition, access controls and traffic monitoring for external connections from development tools within core business network segments should be ramped up to prevent the unauthorized exfiltration of sensitive data, according to the NVDB.

The move came as Chinese tech giant Alibaba has recently banned its employees from using Anthropic's Claude Code at work after the tool drew attention for features that can help identify China-linked users, according to a person familiar with the order, the Reuters reported on July 3.


Global Times