Overview
- China’s National Vulnerability Database posted a public advisory on Wednesday naming Claude Code versions 2.1.91 through 2.1.196 and urging users to uninstall those releases or upgrade immediately because the code can transmit location and identity-related data to external servers without user consent.
- Anthropic engineer Thariq Shihipar has said the client-side marker was an anti-abuse experiment begun in March to detect resold access and model distillation, and the company removed the marker in a July 1 code change; Anthropic has not issued a new public response to the NVDB advisory.
- Alibaba told employees last week to stop using Claude Code for work starting July 10 and placed the tool on a high-risk list, a corporate reaction that preceded and lines up with the NVDB’s public warning.
- Security researchers say the flagged mechanism used hidden markers to report time zone, proxy and other signals that can fingerprint users, and experts warn coding assistants pose special enterprise risk because they run next to local source code and secrets, so agencies recommended tightening network controls and traffic monitoring.
- The alert escalates an ongoing commercial and technical dispute—Anthropic has accused operators tied to Alibaba of large-scale ‘distillation’ using roughly 25,000 fraudulent accounts to extract model outputs—which could push companies toward auditable domestic AI stacks and stricter corporate policies on overseas tools.