Newsletter Subscribe
Enter your email address below and subscribe to our newsletter

reutersscmp+1arstechnica+1China's National Vulnerability Database issued a formal security alert on Wednesday warning that Anthropic's AI coding tool Claude Code contains a "built-in monitoring mechanism" capable of transmitting sensitive user data to remote servers without consent, escalating tensions between Beijing and Silicon Valley over artificial intelligence.
The alert, posted on the WeChat account of the NVDB — a platform operated under China's Ministry of Industry and Information Technology — said affected versions range from 2.1.91 (released April 2) through 2.1.196 (released June 29). The agency said the mechanism could collect users' geographic location and identity-related identifiers and urged organizations to "immediately conduct a comprehensive investigation," uninstall the impacted versions, or upgrade to the latest release.theregister+2
The NVDB also recommended that organizations tighten controls on external network access for development tools and strengthen traffic monitoring on core business networks. Alibaba has banned employees from using Claude Code at work following the scrutiny, Reuters reported.global.chinadaily+1
The controversy traces back to late June, when a security researcher known as "Thereallo" discovered that Claude Code had been using steganographic techniques — subtle changes in date formatting and Unicode apostrophe characters within system prompts — to identify users connecting from China. The code checked whether a user's timezone matched Asia/Shanghai, whether proxy URLs pointed to Chinese domains, and whether connections were linked to Chinese AI labs.arstechnica+1
Anthropic engineer Thariq Shihipar confirmed on X that the tracker was added in March as an "experiment" meant to "prevent account abuse from unauthorized resellers and protect against distillation," and said the company had "actually been meaning to take this down for a while" after implementing stronger mitigations.arstechnica
Anthropic told the South China Morning Post that users in China "were never authorised to use Claude Code" in the first place. The company has said it banned nearly 700,000 accounts that were using Claude from China. The Washington Post reported that Anthropic deployed the tracking software in March after detecting a "whole ecosystem of proxy servers" enabling unauthorized Chinese access to its models.washingtonpost+2
The latest versions of Claude Code no longer contain the flagged code, and Anthropic has characterized the feature as a now-retired countermeasure rather than a data-harvesting backdoor.scmp+1