China’s cybersecurity authorities have raised a formal alarm about a potential security vulnerability in Anthropic’s AI-assisted coding tool, Claude Code. In a notice posted on its WeChat account, the National Vulnerability Database described the issue as a serious "backdoor" risk, saying a built-in monitoring mechanism could send sensitive data to remote servers without users’ consent.
The advisory specifies that the vulnerability affects Claude Code versions 2.1.91 through 2.1.196. According to the notice, the monitoring mechanism is capable of transmitting information that includes users’ geographic location and identity-related identifiers to external servers.
The database urged organizations and individual users to immediately evaluate systems running the impacted releases. It recommended either uninstalling the affected versions or upgrading to the latest secure release in which the alleged backdoor code has been removed.
Beyond removal or upgrade, the advisory called on organizations to strengthen operational controls. Recommended measures include tightening external network access for development tools and enhancing traffic monitoring on core business networks to help prevent unauthorized transfers of sensitive information.
Following scrutiny of the tool’s features, China’s Alibaba has banned employees from using Claude Code at work. The company’s decision came after concerns were raised about capabilities that could assist in identifying China-linked users.
Anthropic responded to the reports by saying that what has been described as a "backdoor" is in fact an experimental anti-abuse mechanism. The company also stated that access to Claude is not permitted in China.
Key points
- The National Vulnerability Database identified a potential monitoring mechanism in Claude Code that can transmit geographic and identity-related data to remote servers.
- The warning applies to Claude Code versions 2.1.91 through 2.1.196; affected users were advised to uninstall or update to a secure release.
- Alibaba has prohibited employee use of Claude Code at work; Anthropic says the code is an experimental anti-abuse feature and that Claude is not available in China.
Risks and uncertainties
- Potential unauthorized transfer of sensitive user data - this presents a direct cybersecurity risk for enterprises using affected development tools.
- Operational disruption for organizations that adopt stringent network controls or remove impacted software - IT and developer productivity may be affected.
- Regulatory and reputational exposure for software vendors and platform users if sensitive data transfers are confirmed - relevant for technology and enterprise software sectors.