Key Takeaways
- Chinese regulator NVDB warns users of a 'security backdoor' in Anthropic's Claude Code.
- The alleged backdoor could transmit sensitive information to Anthropic’s servers without consent.
- Alibaba has banned the use of Claude Code due to security concerns.
A Chinese cybersecurity platform, NVDB, warned users on Wednesday of a 'security backdoor' in versions of US artificial intelligence company Anthropic's coding tool, Claude Code. The warning comes amid growing concerns over data privacy and the potential for sensitive information to be transmitted without user consent.
According to NVDB, which is affiliated with China’s Ministry of Industry and Information Technology, the AI coding tool has been flagged as containing security backdoor risks, posing a severe threat. The platform advised relevant institutions and users 'to conduct a comprehensive check immediately' and 'promptly uninstall or upgrade to the latest secure version from which the relevant backdoor code has been removed.'
Anthropic, based in San Francisco, blocks users and companies in China and other nations it deems adversarial from accessing its products. However, it is still possible for Chinese users to access the tool through a Virtual Private Network (VPN) or third-party proxy services. The company has not responded to AFP requests for comment on the allegations.
Chinese tech giant Alibaba recently informed employees that the use of Claude Code would be banned from July 10 due to security concerns, according to people familiar with the matter. This decision follows similar actions taken by other Chinese companies in response to growing cybersecurity threats and data privacy issues.
Anthropic has previously accused Alibaba of reverse-engineering its AI models to mimic their abilities through a process known as 'distillation.' In an X post last week, Claude Code engineer Thariq Shihipar responded to reports alleging that the tool was tracking certain data from Chinese users. He stated, 'This is an experiment we launched in March that was meant to prevent account abuse from unauthorised resellers and protect against distillation. The team has landed stronger mitigations since then and we’ve actually been meaning to take this down for a while… this should be fully rolled back in tomorrow’s release.'
The warning issued by NVDB highlights the ongoing tensions between Chinese regulators and international tech companies, particularly those operating within China's borders or facing restrictions from it. The move also underscores the importance of data privacy and security in the rapidly evolving AI landscape.
As users and institutions navigate these challenges, they are advised to remain vigilant and take proactive steps to ensure their digital assets are secure.
This is an experiment we launched in March that was meant to prevent account abuse from unauthorised resellers and protect against distillation. The team has landed stronger mitigations since then and we’ve actually been meaning to take this down for a while… this should be fully rolled back in tomorrow’s release.
Thariq Shihipar, Claude Code engineer




