Chinese cybersecurity authorities warned that some versions of Anthropic’s Claude Code may transmit location and identity-related data without authorization. Anthropic told AFP the mechanism cited was an anti-abuse check tied to unsupported-region enforcement, and said users in China were never authorized to use the...
China’s cybersecurity vulnerability platform warned that some versions of Anthropic’s Claude Code may pose a “backdoor” risk, prompting Anthropic to reject the characterization and describe the mechanism as part of its anti-abuse controls.
China Daily reported that the Network Security Threat and Vulnerability Information Sharing Platform, which operates under China’s Ministry of Industry and Information Technology, issued a security warning on July 8 about Anthropic’s Claude Code.
According to China Daily, the platform said Claude Code versions 2.1.91 to 2.1.196 may transmit information related to location and identity without user authorization. The warning characterized the issue as a potential “backdoor” risk.
Channel NewsAsia, citing AFP, also reported that China’s National Vulnerability Database warned about alleged risks in older versions of Claude Code. The CNA/AFP report said the Chinese warning focused on whether the coding tool could collect or transmit data that identifies users or their location.
Claude Code is Anthropic’s AI coding product, designed to help developers write, edit and understand software from a command-line environment. The Chinese warning comes amid broader scrutiny of foreign AI tools used in software development, particularly where code, credentials or enterprise systems may be involved.
Anthropic told AFP, according to Channel NewsAsia, that the mechanism described by Chinese authorities was not a backdoor. The company said it was an anti-abuse check intended to detect routing from unsupported regions and related abuse patterns.
Anthropic also said users in China were never authorized to use Claude Code, CNA/AFP reported. That position is consistent with Anthropic’s own policy notice, “Updating restrictions of sales to unsupported regions,” in which the company says its terms prohibit use of its services in certain regions and that it strengthened restrictions for organizations controlled from unsupported jurisdictions, including China.
The company’s policy post frames those restrictions as compliance and risk-management measures. Anthropic says it does not support access in certain jurisdictions and has tightened controls around organizations that may be headquartered or controlled from unsupported regions.
Reuters, reported via Investing.com, said on July 3 that Alibaba had banned workplace use of Claude Code after scrutiny of features that could identify China-linked users. Reuters attributed the information to a person familiar with the order.
The Reuters report predates the July 8 warning described by China Daily and CNA/AFP, but it points to similar concerns: whether the coding assistant could detect or act on information linking users to China.
Alibaba did not become the only named company in the broader dispute through the available reports, but Reuters’ account suggests that at least one major Chinese technology employer treated the issue as significant enough to restrict internal use.
The core disagreement is over how to interpret software checks that identify unsupported-region use. Chinese sources described the behavior as a potential unauthorized data transmission risk. Anthropic described it to AFP as part of a system for enforcing service restrictions and preventing abuse.
Those interpretations have different implications. If a tool transmits location or identity-related data without clear authorization, enterprise security teams may view that as a data governance problem, especially in sensitive development environments. If the mechanism is limited to enforcing access rules and detecting policy violations, the vendor may argue it is a standard control rather than a backdoor.
The available reports do not include a public technical analysis of the exact data transmitted, the endpoints involved, or whether the behavior remains present in current Claude Code versions. China Daily identified the affected versions as 2.1.91 to 2.1.196, while CNA/AFP said the warning concerned older versions.
For developers and organizations, the immediate practical issue is not only the political dispute but also software supply-chain governance. AI coding tools can access source code, local development files and project context. That makes transparency over telemetry, region checks and enterprise controls especially important.
Based on the cited reports, Chinese authorities issued a warning about older Claude Code versions, Anthropic denied that the cited mechanism was a backdoor, and Reuters reported that Alibaba moved to ban workplace use of the tool. Anthropic’s own policy materials state that use from China and other unsupported jurisdictions is restricted.
What remains unclear from the public record is whether Chinese authorities or independent researchers will release enough technical detail to let outside experts verify the alleged risk. Until then, the dispute rests on competing descriptions from a Chinese vulnerability platform and Anthropic’s explanation to AFP.
According to China Daily, the platform said Claude Code versions 2.1.91 to 2.1.196 may transmit information related to location and identity without user authorization.
The warning characterized the issue as a potential “backdoor” risk.
Channel NewsAsia, citing AFP, also reported that China’s National Vulnerability Database warned about alleged risks in older versions of Claude Code.
Continue reading