China Flags Claude Code Back Door as Domestic AI Tools Rise

China’s cybersecurity watchdog has flagged Anthropic’s Claude Code as a security risk. The National Vulnerability Database (NVDB) identified multiple versions as containing a hidden back door.
This back door could send user locations and identities to remote servers without consent. The NVDB urged organizations to uninstall affected versions or update to patched releases.
Anthropic admitted it embedded a tracking code in Claude Code as an experiment starting in March. The aim was to prevent illicit “distillation” of their AI models and stop account abuse.
The company said its policy has always barred China-based users from accessing Claude Code. Still, the tracker quietly flagged users’ time zones, proxies, and potential ties to Chinese AI labs.
After a security researcher exposed the tracker, Anthropic removed it. Engineer Thariq Shihipar said they planned to remove it earlier, as stronger protections were already in place.
The affected versions span from April to late June, specifically versions 2.1.91 to 2.1.196. Anthropic has since released newer versions without the tracking code.
Alibaba responded swiftly, banning its employees from using Claude Code starting July 10. The company cited security concerns related to the hidden tracker.
Anthropic also accused Alibaba last month of attempting to extract its AI capabilities through “distillation” attacks. Chinese labs’ distillation efforts have been described as a serious threat to national security and AI safety standards.
Chinese firms have developed their own ways to detect signs of distillation in large language models. Alibaba’s Qwen AI model has been tested to mimic Claude, occasionally identifying itself as Claude.
Domestic AI coding tools are gaining traction amid these tensions. Zhipu AI offers ZCode, a Chinese AI workspace, while Huawei’s MindSpore framework supports training of Zhipu’s CodeGeeX model.
ByteDance’s Trae platform boasts over 6 million registered users, aiming for 1.6 million monthly active users by the end of 2025. Such tools are positioned as safer alternatives amid rising security concerns over foreign AI software.
Pro subscriptions to unauthorized Claude Code retailers sell for as little as $12 monthly, compared to the standard $100. This unauthorized market adds complexity to controlling access in China.
China’s Ministry of Industry and Information Technology oversees the NVDB. Its recent alert marks a rare public callout of a major Western AI tool. The move signals Beijing’s intent to protect local AI sovereignty and clamp down on foreign tech it suspects of espionage.
Based on
- Beijing flagged Claude Code as a back door, and Chinese coding tools are lining up to take its place — thenextweb.com
- Beyond Claude Code: the Chinese AI tools poised to benefit after back-door alert | South China Morning Post — scmp.com
- Anthropic hits back after China warns of Claude Code ‘backdoor’ risks | South China Morning Post — scmp.com
- China warns of “security backdoor” in Anthropic AI coding tool – CBS News — cbsnews.com
- Secret Claude tracker shocks users after Anthropic’s anti-surveillance stance – Ars Technica — arstechnica.com




