China warns users of alleged 'security backdoor vulnerabilities' in Anthropic's Claude Code, tells users to uninstall for sfaety reasons

Security News

China warns users of alleged ‘security backdoor vulnerabilities’ in Anthropic’s Claude Code, tells users to uninstall for sfaety reasons

Credit: The original article is published here.
  • China’s National Vulnerability Database warns Claude Code contains spyware
  • Alibaba recently banned Claude use internally over user tracking fears
  • Anthropic says it’s designed to prevent model distillation and illegal use

China has accused Anthropic’s Claude Code of containing what it describes as “security backdoor vulnerabilities” after the country’s National Vulnerability Database (CNVDB) found mechanisms capable of transmitting user information to Anthropic servers without explicit user permission.

Researchers accuse the software vendor of collecting information like user identity, geographic location, system environment information and other machine metadata.

The alleged “backdoor” presents risks of data leakage, IP exposure and other enterprise risks, hence Alibaba’s recent decision to ban Claude Code internally.

China backs Alibaba’s accusations regarding Claude Code, Anthropic

Alibaba engineers reverse engineered Claude Code to reveal checks for Chinese system time zones, proxy servers, AI lab infrastructure and network characteristics.

Chinese authorities are now advising users to uninstall vulnerable releases to upgrade to newer versions that remove or alter this behavior. CNVDB claims versions 2.1.91 to 2.1.196 are affected,

While Anthropic has rejected claims that Claude Code contains malicious spyware or an intentional espionage backdoor, it has admitted that those functionalities do admit, framing the purpose as an anti-abuse experiment. Anthropic has been worried about unauthorized resale and model distillation, which it has already accused Alibaba of doing.

VPNs, proxies, cloud workarounds and international subsidiaries have also sprung up to give developers access to the otherwise restricted tools, hence Anthropic’s work to block access where it’s restricted.

Google logo on a black background next to text reading 'Click to follow TechRadar'

Leave a Reply

Your email address will not be published. Required fields are marked *