OPINION / EDITORIAL
Beware the 'Trojan horse' lurking in the era of AI: Global Times editorial
Published: Jul 09, 2026 11:57 PM
Claude Code Photo: VCG

Claude Code Photo: VCG


In the era of artificial intelligence (AI), the security of development tools is directly tied to a country's digital sovereignty. The Claude Code incident has emerged as the "Trojan horse" of the AI era. It has once again sounded the alarm: There can be no genuine security without independent and controllable capabilities across the entire hardware and software supply chains.


Recently, China's National Vulnerability Database (NVDB), a national cyber-security repository operated by the Ministry of Industry and Information Technology (MIIT), released a statement warning of security backdoor vulnerabilities in Claude Code, an AI programming tool developed by US AI company Anthropic, posing significant potential harm. 

Multiple versions of the tool released between April and June were found to transmit users' sensitive information to remote servers without their consent. The MIIT advised relevant organizations and users to immediately conduct checks, uninstall the tool, or upgrade to a secure version. This serves not only as a security warning to domestic market entities but also sounds another alarm for global AI governance.

Mounting evidence suggests that this "backdoor" was deliberately designed and installed. A report by The Washington Post on Monday explicitly stated: "In March, artificial intelligence company Anthropic quietly deployed software to spy on China-based customers of its popular coding chatbot Claude Code." It was not until a developer, after carefully dissecting the code, discovered that the tool secretly contained a "sentinel system" capable of transmitting sensitive information - such as location and identity markers - back to remote servers without the user's knowledge. To put it simply, it's like inviting a repairman into your home, only for him to secretly go through your documents and personal belongings while you're not looking, then pass the information to accomplices waiting outside - all without you having any idea.

So, who exactly is the real "Trojan horse" lurking in the digital world? Some Western politicians frequently claim without evidence that Chinese AI models could cause "data leaks" or "software supply chain threats," even falsely labeling them as "Trojan horses" that endanger national security. They deliberately pin the label of "AI security risk" on China, yet have never provided any solid evidence to support their claims. After the incident came to light, a Claude Code team member defended it on social media as an experiment that was intended to prevent account abuse and detect possible AI model distillation. This explanation is utterly unconvincing. "Distillation" is a common practice in the AI industry. If it was truly just about preventing abuse, why not inform users openly? Why hide the functionality with obfuscated code and steganography? This is blatant hypocrisy and double standards.

Over the past two years, AI has evolved beyond relatively simple, closed large language model chatbots into sophisticated AI agent applications. Today's AI agents have gained "hands and feet" - they can formulate plans, deploy tools, and execute tasks on their own. That also means their mistakes are no longer limited to generating inaccurate text; they could delete an entire software project or transfer funds out of a bank account. 

It is estimated that by the end of 2026, 40 percent of enterprise applications worldwide are expected to incorporate AI agents capable of executing tasks. This means AI development tools are becoming a critical part of the supply chain. If software infrastructure is implanted with hidden backdoors, the resulting risks could be just as serious as hardware vulnerabilities in computer chips. The MIIT's latest warning reflects its strong emphasis on supply chain security: In the era of AI, the security of development tools is directly tied to a country's digital sovereignty.

From institutional design to corporate actions, China is building a comprehensive security framework covering the entire AI industry chain, and is accelerating efforts to achieve greater self-reliance and control across every layer of the AI ecosystem, including development tools, foundation models, and computing infrastructure. Even before the Claude Code incident, the MIIT and other authorities had repeatedly warned about security risks associated with AI tools. 

In March, for example, regulators issued a risk alert concerning the OpenClaw AI agent. Then in May, three government agencies jointly released the implementation guidelines to promote the standardized application and innovative development of AI agents, explicitly calling for stronger safeguards against security risks throughout the AI agent lifecycle.

China's efforts benefit not only itself but also the broader international community. China's open-source foundation models continue to grow in capability. Unlike last year, when DeepSeek's meteoric rise prompted global discussions about the potential of open source, Chinese open-source foundation models have this year won a much broader following on the strength of their proven capabilities. 

Most recently, overseas observers have described Chinese AI company Zhipu AI's release of GLM-5.2 as a second "DeepSeek moment," noting that its performance is comparable to Anthropic's Opus 4.8 while costing only about one-fifth as much. For countries around the world, including developed economies, and especially those in the Global South, China's open-source AI is increasingly becoming an attractive, and in some cases indispensable, alternative. This means that all parties can share more equitably in the benefits of the AI revolution.

AI is a powerful double-edged sword. It represents both the frontier of technological competition and the front line of national security. In the strategic field of AI, which concerns the future, a major country must never harbor any illusions or place its own development in the hands of others. 

The Claude Code incident has once again sounded the alarm: There can be no genuine security without independent and controllable capabilities across the entire hardware and software supply chains.