Particle.news

China Flags Backdoor Risk in Specific Claude Code Releases

The National Vulnerability Database warned the flagged builds pose an enterprise security and cross‑border trust risk, likely prompting tighter network controls and moves to auditable domestic AI tools.

Overview

  • China’s National Vulnerability Database on Wednesday named Anthropic Claude Code versions 2.1.91 through 2.1.196 as carrying a client‑side monitoring mechanism that the agency said could send location and identity data to remote servers without user consent.
  • The NVDB advised organisations and users to uninstall the affected releases or upgrade immediately and to tighten external network access and traffic monitoring for developer tools.
  • Alibaba had already placed Claude Code on a high‑risk list and told employees to stop using it for work from July 10, citing the same security concerns.
  • Anthropic engineers have said the marker was part of an anti‑abuse experiment launched in March to detect resellers and large‑scale model distillation, and the company removed the marker in a July 1 build, but Anthropic has not issued a new public response to the NVDB advisory.
  • The episode ties technical risks to geopolitics: many Chinese developers use Claude via VPNs, Anthropic alleges a roughly 25,000‑account distillation campaign against its models, and the dispute could accelerate corporate bans, stricter network policies, and adoption of auditable local AI stacks.