US artificial intelligence (AI) company Anthropic said users in China being advised to uninstall its flagship Claude Code product were not supposed to be using it in the first place, responding after Beijing warned of security “backdoor” risks.
The company’s statement comes after a cybersecurity platform managed by China’s Ministry of Industry and Information Technology (MIIT) said on July 8 that Anthropic’s agentic coding tool poses “a serious threat” to Chinese users, in the latest escalation of the US-China AI race.
According to a post on the WeChat account of China’s National Vulnerability Database, Claude Code’s “built-in monitoring mechanism” means that sensitive user information could be sent to a remote server without the user’s consent.
Anthropic confirmed that it had embedded hidden code in Claude Code to track user locations in an attempt to stop illicit “distillation” of its models.
The Chinese cybersecurity platform said that its warning applied to Claude Code versions 2.1.91 to 2.1.196, which span a period from April to late June. Anthropic has released newer versions of the product since then.
“For developers that have installed the above-mentioned affected versions, they should immediately uninstall or upgrade to the latest secure version that has removed the relevant backdoor code,” the post said, recommending users to strengthen control over external access permissions to prevent “unauthorised transmission of sensitive data”.
Asked to comment on Beijing’s warning, an Anthropic spokesperson said that the company’s usage policy has always prohibited access by China-based users.
Still, Claude Code is hugely popular in Chinese developer communities, though there are no official figures of usage as Anthropic has not made the tool officially available in China, including Hong Kong.
In recent months, the company has accused a number of leading Chinese tech companies of distilling their models – a common practice in the AI industry that uses outputs from large AI models to train smaller ones – including DeepSeek, MiniMax and Alibaba Group Holding.
Last week, Alibaba handed down a firm-wide ban on employees using Claude Code, citing security backdoor risks, according to an internal notice seen by the South China Morning Post.
Cai Peng, a Beijing-based partner at Zhong Lun specialising in cybersecurity, said the backlash against Anthropic in China is not surprising as the undisclosed tracking mechanism poses a “direct and unacceptable security risk” for any Chinese enterprise using the tool, especially given Anthropic’s “adversarial” attitude towards China.
More Chinese firms could stop usage of Claude Code as a result, especially leading tech giants, Cai said.
Ben Hu, a member of the Hong Kong China Network Security Association, said that frontier AI security issues can no longer be seen through a traditional cybersecurity lens as they increasingly intersect with export controls and national security.
“Chinese companies will have to evaluate AI suppliers not just as traditional software vendors but as strategic supply chain suppliers whose reliability may be affected by geopolitics and national security,” he said.
Alibaba owns the South China Morning Post. – South China Morning Post
