Sunday, July 12, 2026

News

China Orders Uninstall of Claude Code After Backdoor Warning

PolicyPatryk Raba1
Fot. TechCrunch (Flickr), Wikimedia Commons (CC BY 2.0)

China's Ministry of Industry and Information Technology says Claude Code contains a backdoor-type vulnerability that sends user data without consent, and has ordered affected versions uninstalled. Alibaba has already banned employees from using the tool.

Contents
  1. Anthropic's Explanation
  2. Dispute With Alibaba
  3. Market Implications

China's Ministry of Industry and Information Technology announced that its cybersecurity platform detected a backdoor-type vulnerability in Anthropic's Claude Code tool, which it described as a serious threat. The ministry ordered users to uninstall or update the affected versions of the program.

According to the Chinese ministry, the autonomous coding tool was transmitting data identifying the user in the background without their knowledge or consent. The warning covered a specific range of product versions released over three months, suggesting the mechanism had been active for some time before coming under official scrutiny.

Anthropic's Explanation

Anthropic did not deny the mechanism's existence but rejected calling it a backdoor. The company acknowledged the feature was an experiment launched in March, intended to curb account abuse by unauthorized resellers and protect against distillation, meaning the training of weaker models on the outputs of stronger competing systems.

The team has since rolled out stronger safeguards, and we were planning to phase out this feature anyway - Thariq Shihipar, Anthropic

Dispute With Alibaba

The Chinese ministry's warning comes amid a tense dispute between Anthropic and Alibaba. In a letter to two US senators dated June 10, Anthropic accused entities linked to the Chinese conglomerate of carrying out the largest distillation attack it has ever detected, using roughly 25,000 fake accounts to make nearly 28.8 million queries to Anthropic's models over six weeks.

In response, Alibaba classified Claude Code as high-risk software and, starting July 10, banned employees from using it at work, ordering them to switch to its own tool, Qoder. The company cited the disclosed user-identification mechanism as evidence of a security threat.

Market Implications

The dispute shows how deeply the US-China tech rivalry has already seeped into the level of individual programming tools used daily by engineers. The Chinese ministry's official stance, with a specific version range and an uninstall order, gives the case far greater weight than earlier reports based solely on security researchers' findings published on Reddit and GitHub.

For companies using AI coding tools, including in Poland, the case is a reminder that coding agents have access to developers' local environments and may collect telemetry data beyond their stated scope along the way. It's worth checking which tool versions are in use across teams and whether the vendor clearly communicates the scope of data collected.

Tensions between Anthropic and Chinese companies could intensify further, given the growing competition for access to advanced AI models despite formal export restrictions and company policies barring sales to China.

Sources: Tom's Hardware (tomshardware.com), TechRadar (techradar.com), TechCrunch (techcrunch.com), CNBC (cnbc.com)

Share: