Overview
- China’s National Vulnerability Database on Wednesday named Anthropic Claude Code versions 2.1.91 through 2.1.196 as carrying a client‑side monitoring mechanism that the agency said could send location and identity data to remote servers without user consent.
- The NVDB advised organisations and users to uninstall the affected releases or upgrade immediately and to tighten external network access and traffic monitoring for developer tools.
- Alibaba had already placed Claude Code on a high‑risk list and told employees to stop using it for work from July 10, citing the same security concerns.
- Anthropic engineers have said the marker was part of an anti‑abuse experiment launched in March to detect resellers and large‑scale model distillation, and the company removed the marker in a July 1 build, but Anthropic has not issued a new public response to the NVDB advisory.
- The episode ties technical risks to geopolitics: many Chinese developers use Claude via VPNs, Anthropic alleges a roughly 25,000‑account distillation campaign against its models, and the dispute could accelerate corporate bans, stricter network policies, and adoption of auditable local AI stacks.