TLDR
- Chinese National Vulnerability Database identified potential backdoor vulnerability in Claude Code versions spanning 2.1.91 to 2.1.196
- The security issue allegedly enabled transmission of user location and identification information to Anthropic servers without authorization
- Chinese NVDB recommended immediate uninstallation or version updates for affected organizations
- Alibaba implemented a company-wide prohibition on Claude Code usage effective July 10 due to security risks
- Anthropic engineer Thariq Shihipar acknowledged the tracking feature was part of an anti-abuse testing protocol and confirmed remediation deployment
A Chinese government-affiliated cybersecurity authority has issued an alert regarding a potential “security backdoor” discovered in Anthropic’s artificial intelligence coding assistant Claude Code, recommending immediate removal or software updates.
The National Vulnerability Database (NVDB), operating under China’s Ministry of Industry and Information Technology, published the advisory on July 8 through its official WeChat channel.
According to the NVDB, the vulnerability impacts Claude Code versions beginning with 2.1.91 and extending through 2.1.196. Officials allege these releases had capabilities to harvest users’ geographical positioning data and personally identifiable information, subsequently transmitting this data to external servers without obtaining proper user authorization.
The cybersecurity body characterized the vulnerability as representing a “severe threat” and instructed affected organizations to initiate comprehensive security audits immediately.
Alibaba Bans Claude Code for Employees
Prior to the NVDB’s public disclosure, Chinese technology conglomerate Alibaba had proactively implemented internal restrictions on the coding tool. The corporation informed its workforce last week that Claude Code would be prohibited for professional applications beginning July 10, instructing personnel to transition to its proprietary coding solution, Qoder.
Alibaba referenced identical backdoor security vulnerabilities cited by the NVDB in its internal communications.
This development further complicates the already tense dynamics between Alibaba and Anthropic. The AI company has previously leveled accusations against Alibaba and additional Chinese technology firms regarding their alleged use of “distillation” techniques — a process involving training compact AI systems using outputs from more sophisticated models — to replicate its proprietary model functionalities.
Anthropic Engineer Responds
Anthropic has yet to release an official statement addressing China’s security warning.
Nevertheless, Claude Code developer Thariq Shihipar commented on the matter via X last week following initial coverage in specialized technology publications.
Shihipar disclosed that the data collection mechanism was implemented as part of an experimental initiative launched in March. The stated objective involved preventing account misuse by unauthorized third-party resellers and safeguarding against model distillation practices.
“The team has landed stronger mitigations since then and we’ve actually been meaning to take this down for a while,” Shihipar wrote. He added that a full rollback would be included in the next release.
Anthropic maintains restrictions preventing users and enterprises located in China and other nations it designates as adversarial from obtaining access to its products. Notwithstanding these limitations, numerous Chinese software developers maintain Claude Code usage through VPN connections and international proxy server infrastructure.
The NVDB additionally advised organizations to strengthen oversight of external network connectivity and enhance traffic surveillance measures to block unauthorized data exfiltration.
At publication time, Anthropic had not provided responses to media inquiries regarding the NVDB’s specific security allegations.


