News
China Warns of Backdoor in Claude Code, Anthropic Admits to Hidden Tracking Code
China's Ministry of Industry and Information Technology says Claude Code contains a flaw that lets it send user data without consent. Anthropic confirmed it built in a hidden tracking mechanism, but says it was meant to stop illegal model copying, not to spy on users.
Contents
China's Ministry of Industry and Information Technology announced on Wednesday that Claude Code, a tool from Anthropic popular among developers, contains a security vulnerability it described as a serious threat. According to China's national cybersecurity vulnerability platform, the application was sending users' location and identity data to remote servers without their knowledge or consent.
What Beijing Alleges
In a notice published via MIIT's national vulnerability database, the ministry said Claude Code contains a built-in monitoring mechanism capable of transmitting sensitive information to external servers without user consent, including location and identity data. The ministry recommended immediately uninstalling the application or updating to the latest secure version, and strengthening controls over external access permissions to prevent unauthorized data transmission.
This is the first such sharply worded official statement from the Chinese government aimed directly at a specific tool from a US AI company since tensions between Washington and Beijing over technology escalated. Claude Code, though not officially available in China, is highly popular there among developers who access it through foreign accounts and VPN servers.
Anthropic's Response
Anthropic did not deny the mechanism exists, but offered a very different account of its purpose. The company acknowledged that earlier this year it introduced experimental code for tracking location, intended to curb illegal model distillation, the practice of using Claude's responses to train competing AI systems without a license.
At the same time, Anthropic stressed that under its own policy, use of Claude has never been permitted by entities majority-owned by companies headquartered in China. In other words, the company suggests that the sheer scale of use of the tool by Chinese developers already violated its terms of service, regardless of the disputed mechanism.
Claude Code contains a backdoor-type security vulnerability that poses a serious threat - statement from China's Ministry of Industry and Information Technology
Market and Alibaba React
The dispute immediately translated into business decisions. Alibaba, one of China's largest technology conglomerates, ordered its employees to stop using Anthropic's tools at work starting July 10, 2026. That signals Chinese tech companies are treating the ministry's warning as binding guidance, not merely a media incident.
The case highlights a broader problem facing Western AI companies: models and tools like Claude Code are used globally, including in countries where they are not formally licensed to operate, and attempts to protect intellectual property, such as guarding against distillation, can be read as privacy violations or even industrial espionage.
What It Means for Companies Using Claude
For companies and developers outside China, the practical risk is limited, since the mechanism applied to specific versions released between April and June 2026 and was described by Anthropic itself as an anti-distillation measure rather than a general user-surveillance tool. Still, the episode shows that AI model providers can build telemetry mechanisms into their tools without clearly informing users, which should prompt corporate security teams to review policies governing AI tools used by development teams.
The incident also lands on geopolitically sensitive ground, where both the US and China increasingly treat AI tools as part of a technological rivalry rather than purely commercial products. Further Chinese audits of other Western AI coding tools popular among local developers can be expected.
Sources: China warns about AI risks with Anthropic's Claude Code (cnbc.com), China warns of 'backdoor' security risk in Anthropic's Claude Code (cybernews.com), Anthropic hits back after China warns of Claude Code 'backdoor' risks (scmp.com)


