China’s National Vulnerability Database has issued a warning over alleged security risks in Anthropic’s AI coding assistant, Claude Code, claiming that certain versions of the software contain a “security backdoor” capable of transmitting sensitive information to the company’s servers without user consent. The warning has intensified scrutiny around the security and privacy implications of artificial intelligence development tools, particularly as AI coding assistants gain widespread adoption among developers and enterprises around the world.
According to the National Vulnerability Database, which operates under China’s Ministry of Industry and Information Technology, the alleged backdoor could allow the software to send data such as user locations and identity related identifiers back to Anthropic’s servers. The regulator stated that it had recently detected what it described as security backdoor risks in Claude Code and advised organizations and users to immediately inspect their systems and either uninstall affected versions or upgrade to a secure release where the relevant code has been removed. The agency also urged institutions to strengthen network traffic monitoring and implement measures to prevent unauthorized transmission of sensitive information. Claude Code is an AI powered coding assistant developed by Anthropic that enables users to generate code, review software, and debug applications through natural language prompts. Although Anthropic restricts access to its products in China and several other countries it considers adversarial, users in China can still access the service through virtual private networks and third party proxy services.
The allegations emerged in technology media reports last week, and Anthropic has not publicly responded to requests for comment on the claims made by Chinese authorities. However, Claude Code engineer Thariq Shihipar addressed reports on social media, explaining that the functionality in question was part of an experiment launched in March to combat account abuse by unauthorized resellers and to protect against model distillation, a process in which competing companies attempt to replicate the capabilities of advanced artificial intelligence systems. According to Shihipar, the company had already implemented stronger protections and was planning to remove the experimental functionality entirely in an upcoming software release.
The controversy has also had implications within China’s technology sector. Sources familiar with the matter said Chinese technology company Alibaba Group informed employees that the use of Claude Code would be prohibited beginning July 10 because of security concerns surrounding the software. The issue comes amid ongoing tensions between global artificial intelligence companies over data access, intellectual property, and model development practices. Anthropic has previously accused Alibaba of attempting to reverse engineer its AI models through distillation techniques. The latest allegations from Chinese regulators add another dimension to the growing debate over trust, transparency, and security in AI tools that are increasingly being integrated into software development workflows and enterprise environments worldwide.
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.