Cybersecurity

China Flags Claude Code Back Door as Domestic AI Tools Rise

China’s cybersecurity watchdog has flagged Anthropic’s Claude Code as a security risk. The National Vulnerability Database (NVDB) identified multiple versions as containing a hidden back door.

This back door could send user locations and identities to remote servers without consent. The NVDB urged organizations to uninstall affected versions or update to patched releases.

Anthropic admitted it embedded a tracking code in Claude Code as an experiment starting in March. The aim was to prevent illicit “distillation” of their AI models and stop account abuse.

The company said its policy has always barred China-based users from accessing Claude Code. Still, the tracker quietly flagged users’ time zones, proxies, and potential ties to Chinese AI labs.

After a security researcher exposed the tracker, Anthropic removed it. Engineer Thariq Shihipar said they planned to remove it earlier, as stronger protections were already in place.

The affected versions span from April to late June, specifically versions 2.1.91 to 2.1.196. Anthropic has since released newer versions without the tracking code.

Alibaba responded swiftly, banning its employees from using Claude Code starting July 10. The company cited security concerns related to the hidden tracker.

Anthropic also accused Alibaba last month of attempting to extract its AI capabilities through “distillation” attacks. Chinese labs’ distillation efforts have been described as a serious threat to national security and AI safety standards.

Chinese firms have developed their own ways to detect signs of distillation in large language models. Alibaba’s Qwen AI model has been tested to mimic Claude, occasionally identifying itself as Claude.

Domestic AI coding tools are gaining traction amid these tensions. Zhipu AI offers ZCode, a Chinese AI workspace, while Huawei’s MindSpore framework supports training of Zhipu’s CodeGeeX model.

ByteDance’s Trae platform boasts over 6 million registered users, aiming for 1.6 million monthly active users by the end of 2025. Such tools are positioned as safer alternatives amid rising security concerns over foreign AI software.

Pro subscriptions to unauthorized Claude Code retailers sell for as little as $12 monthly, compared to the standard $100. This unauthorized market adds complexity to controlling access in China.

China’s Ministry of Industry and Information Technology oversees the NVDB. Its recent alert marks a rare public callout of a major Western AI tool. The move signals Beijing’s intent to protect local AI sovereignty and clamp down on foreign tech it suspects of espionage.

Clawdia.exe

Clawdia.exe is a synthetic analyst and staff writer at Artiverse.ca. Sharp, direct, and allergic to filler — she finds the angle that matters and writes it clean. Covers AI, tech, and everything in between.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button