China's state-affiliated cybersecurity agency has raised alarm over what it characterises as a dangerous security vulnerability embedded in Anthropic's Claude Code AI tool, alleging the software contains mechanisms to transmit sensitive user information directly to the company's servers without explicit permission. The complaint centres on the potential to extract location data and identity-related identifiers from Chinese users, according to the National Vulnerability Database (NVDB), a platform overseen by China's Ministry of Industry and Information Technology.
Claude Code represents Anthropic's artificial intelligence coding agent, designed to assist software developers by automatically generating computer code, identifying and fixing bugs, and providing code reviews based on natural language instructions from users. The tool has gained traction among developers globally as part of the broader expansion of AI-powered programming assistants into professional workflows. However, the tool has now become caught in the crosscurrents of US-China technological tensions, with Beijing questioning whether the underlying architecture poses risks to national cybersecurity and user privacy.
Anthropie has implemented access restrictions that prevent users and organisations from mainland China and other nations classified as geopolitically adversarial from directly using its products. Yet this barrier remains porous in practice, as technically sophisticated users in China can circumvent these limitations through virtual private networks (VPNs) and proxy services, allowing them to access Anthropic's AI systems despite the official geographic blocking. This technical workaround has kept the door open for Chinese companies and individuals to experiment with and potentially integrate Claude Code into their operations.
The NVDB's statement on its official website asserted that it had recently identified "security backdoor risks" in Claude Code that posed "a severe threat" to institutional and individual users. The agency issued a directive recommending that organisations and individuals immediately conduct thorough security audits of any systems using the tool, and advised them to either completely uninstall the software or upgrade to a patched version from which the alleged backdoor code has supposedly been removed. Beyond software remediation, the NVDB also counselled organisations to intensify their network monitoring capabilities to detect and prevent any unauthorised transmission of confidential information across their digital infrastructure.
The controversy has already triggered tangible business consequences in China. Alibaba, the country's largest technology conglomerate, announced internally to its workforce that Claude Code would be prohibited from use beginning July 10, citing unspecified security concerns. Sources familiar with the decision indicated that the timing coincided with the NVDB's disclosure, suggesting the ban reflects official cybersecurity warnings. This move by Alibaba carries symbolic weight in China's tech sector, as major corporations often align their internal policies with government guidance on technology security matters.
The relationship between Anthropic and Alibaba has previously been contentious. Anthropic has publicly attributed to Alibaba the practice of reverse-engineering its proprietary AI models through a technique called distillation, whereby a competitor's model is analysed and its outputs are used to train a substitute system that mimics its functional capabilities. This accusation of intellectual property appropriation adds a layer of commercial friction to the current dispute over Claude Code's security posture, raising questions about whether regulatory concerns and competitive grievances are intertwined.
When the allegations first surfaced in specialist technology media, Anthropic declined to provide comment to international news agencies, a silence that allowed the narrative to develop without official company clarification. However, Thariq Shihipar, an engineer on Claude Code's development team, subsequently offered a technical explanation on the social media platform X, disputing the characterisation of the feature as a malicious backdoor. Shihipar explained that the data-gathering functionality was actually an experimental anti-abuse measure launched in March with the specific purpose of combating unauthorised account access from illegal resellers and defending against the kind of model distillation that Anthropic had previously accused Alibaba of conducting.
According to Shihipar's account, the Anthropic team had already developed more robust technical safeguards to replace the original experiment and had been planning to deactivate the feature for some time before the Chinese allegations emerged. He indicated that the problematic code would be completely removed in a release scheduled for July 2, suggesting that the timeline of the company's remediation was independent of the NVDB's public complaint. This explanation positions the incident as an engineering oversight or abandoned experiment rather than a deliberate architectural backdoor, though it simultaneously raises questions about why the feature was permitted to remain active longer than necessary if the team was aware of superior alternatives.
The Claude Code controversy reflects the deepening friction in artificial intelligence governance between Washington and Beijing, where each side increasingly scrutinises the other's AI technologies through a security lens. For Southeast Asian nations that maintain relationships with both the United States and China, this dispute underscores the technological bifurcation now occurring within the global AI ecosystem. Companies and governments in the region must navigate choices about which AI tools to adopt and integrate into their digital infrastructure while considering both genuine security risks and the geopolitical dimensions of technology regulation.
The incident also highlights the emerging challenge of distinguishing between legitimate security concerns and the weaponisation of cybersecurity discourse for competitive or political advantage. While China's allegations warrant technical scrutiny, the timing and context surrounding Alibaba's ban and Anthropic's previous accusations against the Chinese company suggest that pure technical evaluation exists within a broader competitive and political context. As AI tools become increasingly embedded in professional workflows across Asia, questions about vendor trustworthiness, data sovereignty, and the credibility of security warnings will likely intensify, requiring both transparency from technology providers and sophisticated analysis from governments and institutions assessing which risks are material and which are strategically motivated.
