Skip to main content
Kaino.dev
Discover
Evals
News
Academics
Insights
Kaino.dev

Discover, evaluate, and compare AI tools, models, and agents.

Explore

  • Discover
  • Evaluations
  • News
  • Academics
  • Insights

Community

  • Twitter
  • YouTube
  • Instagram
Privacy PolicyTerms of Service

© 2026 Kaino.dev. All rights reserved.

Version 1.1.0
China Flags ‘Backdoor’ Risk in Anthropic’s Claude Code; Anthropic Says Tool Was Not Authorized for China · News · Kaino
China Flags ‘Backdoor’ Risk in Anthropic’s Claude Code; Anthropic Says Tool Was Not Authorized for China
Kaino
5d agoJul 9, 2026, 12:00 AM0 views

China Flags ‘Backdoor’ Risk in Anthropic’s Claude Code; Anthropic Says Tool Was Not Authorized for China

Chinese cybersecurity authorities warned that some versions of Anthropic’s Claude Code may transmit location and identity-related data without authorization. Anthropic told AFP the mechanism cited was an anti-abuse check tied to unsupported-region enforcement, and said users in China were never authorized to use the...

agentsAnthropicClaude Code

China’s cybersecurity vulnerability platform warned that some versions of Anthropic’s Claude Code may pose a “backdoor” risk, prompting Anthropic to reject the characterization and describe the mechanism as part of its anti-abuse controls.

China’s warning targets older Claude Code versions

China Daily reported that the Network Security Threat and Vulnerability Information Sharing Platform, which operates under China’s Ministry of Industry and Information Technology, issued a security warning on July 8 about Anthropic’s Claude Code.

According to China Daily, the platform said Claude Code versions 2.1.91 to 2.1.196 may transmit information related to location and identity without user authorization. The warning characterized the issue as a potential “backdoor” risk.

Channel NewsAsia, citing AFP, also reported that China’s National Vulnerability Database warned about alleged risks in older versions of Claude Code. The CNA/AFP report said the Chinese warning focused on whether the coding tool could collect or transmit data that identifies users or their location.

Claude Code is Anthropic’s AI coding product, designed to help developers write, edit and understand software from a command-line environment. The Chinese warning comes amid broader scrutiny of foreign AI tools used in software development, particularly where code, credentials or enterprise systems may be involved.

Anthropic says the mechanism was an anti-abuse check

Anthropic told AFP, according to Channel NewsAsia, that the mechanism described by Chinese authorities was not a backdoor. The company said it was an anti-abuse check intended to detect routing from unsupported regions and related abuse patterns.

Anthropic also said users in China were never authorized to use Claude Code, CNA/AFP reported. That position is consistent with Anthropic’s own policy notice, “Updating restrictions of sales to unsupported regions,” in which the company says its terms prohibit use of its services in certain regions and that it strengthened restrictions for organizations controlled from unsupported jurisdictions, including China.

The company’s policy post frames those restrictions as compliance and risk-management measures. Anthropic says it does not support access in certain jurisdictions and has tightened controls around organizations that may be headquartered or controlled from unsupported regions.

Alibaba reportedly moved to block workplace use

Reuters, reported via Investing.com, said on July 3 that Alibaba had banned workplace use of Claude Code after scrutiny of features that could identify China-linked users. Reuters attributed the information to a person familiar with the order.

The Reuters report predates the July 8 warning described by China Daily and CNA/AFP, but it points to similar concerns: whether the coding assistant could detect or act on information linking users to China.

Alibaba did not become the only named company in the broader dispute through the available reports, but Reuters’ account suggests that at least one major Chinese technology employer treated the issue as significant enough to restrict internal use.

The dispute centers on access controls versus security risk

The core disagreement is over how to interpret software checks that identify unsupported-region use. Chinese sources described the behavior as a potential unauthorized data transmission risk. Anthropic described it to AFP as part of a system for enforcing service restrictions and preventing abuse.

Those interpretations have different implications. If a tool transmits location or identity-related data without clear authorization, enterprise security teams may view that as a data governance problem, especially in sensitive development environments. If the mechanism is limited to enforcing access rules and detecting policy violations, the vendor may argue it is a standard control rather than a backdoor.

The available reports do not include a public technical analysis of the exact data transmitted, the endpoints involved, or whether the behavior remains present in current Claude Code versions. China Daily identified the affected versions as 2.1.91 to 2.1.196, while CNA/AFP said the warning concerned older versions.

For developers and organizations, the immediate practical issue is not only the political dispute but also software supply-chain governance. AI coding tools can access source code, local development files and project context. That makes transparency over telemetry, region checks and enterprise controls especially important.

What is known so far

Based on the cited reports, Chinese authorities issued a warning about older Claude Code versions, Anthropic denied that the cited mechanism was a backdoor, and Reuters reported that Alibaba moved to ban workplace use of the tool. Anthropic’s own policy materials state that use from China and other unsupported jurisdictions is restricted.

What remains unclear from the public record is whether Chinese authorities or independent researchers will release enough technical detail to let outside experts verify the alleged risk. Until then, the dispute rests on competing descriptions from a Chinese vulnerability platform and Anthropic’s explanation to AFP.

Key takeaways
  • 1

    According to China Daily, the platform said Claude Code versions 2.1.91 to 2.1.196 may transmit information related to location and identity without user authorization.

  • 2

    The warning characterized the issue as a potential “backdoor” risk.

  • 3

    Channel NewsAsia, citing AFP, also reported that China’s National Vulnerability Database warned about alleged risks in older versions of Claude Code.

Continue reading

Latest from Kaino News

Story pulse

Freshness

5d ago

Views

0

Reading

4 min

Byline

Kainotomic Team

Utilities

Topics

agentsAnthropicClaude Code

Sources

Reference material and original reporting used in this story.

CNA/AFP

Published Jul 9, 2026, 12:00 AM

View source