China’s cybersecurity agency has accused Anthropic’s AI coding tool Claude Code of containing hidden backdoors capable of transmitting sensitive user data to remote servers without consent. The allegation marks a sharp escalation in the ongoing technology rivalry between the United States and China and raises new questions about trust in commercial AI tools.

What You Need to Know

The National Vulnerability Database of China issued the alert, warning that Claude Code versions released between April and June 2026 can transmit location and identity data. The claim comes despite the fact that Claude Code is not officially approved for public use in China and Anthropic has restricted access from the region. The accusation follows years of US AI companies accusing Chinese firms of model distillation.

The Allegation and the Data

China’s National Vulnerability Database, known as the NVDB, stated that Claude Code contains “security backdoor vulnerabilities.” According to the government body, versions of the tool released between April and June 2026 “can send sensitive information such as user location and identity to remote servers without the user’s consent due to a built-in monitoring mechanism.” The government advised users to either uninstall the software or update to the latest version.

The discovery was first flagged by a developer who revealed that Claude Code was covertly sending information including time zone and domain data, specifically targeting users in China. Anthropic engineer Thariq Shihipar later confirmed on social media that the monitoring was an experiment launched in June “to prevent account abuse from unauthorized resellers and protect against distillation.” Shihipar added that the experiment “should be fully rolled back in tomorrow’s release.”

  • NVDB warning: Claude Code transmits location and identity data to remote servers without user consent.
  • Anthropic’s explanation: The monitoring was an experiment to detect unauthorized resellers and prevent model distillation, set for removal in June 2026.
  • Grey market access: Chinese developers continue to access Claude Code through proxy networks despite restrictions.

Broader Context of Suspicion

The accusation does not exist in isolation. Anthropic has previously claimed that Chinese AI labs engaged in industrial-scale distillation of its models. Earlier this year, the company accused DeepSeek and other Chinese developers of creating 24,000 fraudulent accounts to train smaller models using Claude. In late June, Anthropic alleged that Alibaba had illicitly distilled its models from April to June 2026, involving 25,000 fake accounts and 28.8 million exchanges. Reports have also emerged of a grey market where Claude API access is resold at 90% off through proxy networks that harvest user data.

The Chinese government’s directive is curious because Claude Code is not officially approved for public use in China. The country requires all large language models to undergo government review, a process Anthropic’s models have not completed. Still, Chinese developers have found ways to use the tool, and Beijing’s alert effectively acknowledges that fact by telling users to update their apps.

Why This Matters

This incident underscores a fundamental trust problem at the intersection of geopolitics and commercial AI. When a government declares a foreign company’s tool a surveillance risk, it erodes user confidence across borders and creates a precedent for similar actions. For developers who rely on Claude Code, the episode highlights the risks of using AI tools that may contain undisclosed monitoring mechanisms, even if explained as anti-abuse measures. The escalation also signals that both the United States and China are willing to use security claims as leverage in the broader technology competition. The long-term consequence may be stricter regulation of AI tools in both markets, fragmenting the global developer ecosystem.