China Calls Claude Code a Security Risk Amid Deepening Anthropic-Alibaba Dispute

hina's vulnerability database has urged users to uninstall affected versions of Claude Code, while Anthropic insists the disputed functionality was an anti-abuse experiment, not a backdoor

3
China Calls Claude Code a Security Risk Amid Deepening Anthropic-Alibaba Dispute
Security, Compliance & RiskNews

Published: July 10, 2026

Kristian McCann

China’s National Vulnerability Database (CNVDB) has formally flagged Anthropic’s Claude Code as containing β€œsecurity backdoor vulnerabilities” and urged users to uninstall affected releases and upgrade to newer versions that remove or alter this behavior.

The database claims versions 2.1.91 to 2.1.196 are affected and can transmit user data to Anthropic’s servers without explicit user consent.

Anthropic has pushed back against the characterization, denying that Claude Code contains malicious spyware or an intentional espionage backdoor. However, the company has acknowledged that the functionality in question does exist, framing it as part of an anti-abuse experiment rather than a deliberate attempt to surveil users.

What the CNVDB Actually Found

According to the CNVDB’s findings, the alleged vulnerabilities center on mechanisms capable of collecting user identity information, geographic location data, system environment details, and broader machine metadata. Chinese researchers claim this data could be relayed to Anthropic’s servers without users’ knowledge or consent.

The concerns were initially raised by Alibaba engineers, who reverse-engineered Claude Code and identified checks for Chinese system time zones, proxy servers, AI lab infrastructure, and specific network characteristics. That discovery prompted Alibaba to ban the tool internally ahead of the formal government filing.

Anthropic maintains that the monitoring mechanism was an experimental measure designed to detect and prevent unauthorized account resale and model distillation, not to harvest sensitive user data. The company says the experiment was conducted solely to protect service integrity.

Keith King, Founder and Managing Principal at Q Advisory, says the company’s explanation has done little to settle the matter: β€œAnthropic acknowledged that an experiment had been conducted, stating that its purpose was to protect service integrity rather than collect sensitive user information for broader purposes,” he said.

β€œThe reported functionality has since become a focus of public scrutiny regarding transparency and user consent.”

The CNVDB advisory also highlights downstream risks, including potential data leakage, intellectual property exposure, and broader enterprise security vulnerabilities for organizations running the affected versions.

A Dispute That Doesn’t Exist in a Vacuum

The CNVDB filing arrives amid an active dispute between Anthropic and Alibaba. Last month, Anthropic accused the Chinese technology giant of conducting a large-scale distillation campaign and called for US government intervention. That accusation heightened tensions between the two companies and appears to have directly informed Anthropic’s decision to implement the monitoring mechanisms now at the center of the Chinese government’s complaint. King says the row is symptomatic of something larger:

β€œA new dispute between China and Anthropic underscores the escalating geopolitical tensions surrounding AI, software transparency, and cross-border data governance.”

VPNs, proxies, cloud workarounds, and international subsidiaries have also emerged as common methods for developers to access Anthropic tools in markets where they are otherwise restricted, reinforcing the company’s motivation to track and block unauthorized usage.

Yet the security pressures facing Anthropic are not limited to its relationship with China. Just last month, the US government banned the company’s most recent and capable frontier model, Mythos, citing security flaws that allowed it to be jailbroken. The decision marked a significant moment for the company. Mythos has since been reinstated, though in a more restricted capacity.

The sequence of events illustrates the dual pressure Anthropic is navigating: scrutiny from foreign governments over alleged data collection on one side, and scrutiny from its own government over the risks its most powerful models may pose on the other.

King captured the dynamic succinctly: β€œTechnical security concerns are increasingly intertwined with geopolitical competition and national policy.”

What Comes Next

The CNVDB’s ruling places Anthropic in a difficult position. It must address legitimate transparency questions surrounding the monitoring functionality while defending itself against what it characterizes as a misrepresentation of its intent, all within an environment of heightened regulatory scrutiny on both sides of the Pacific.

Chinese authorities are pressing ahead with their advisory, urging users to transition away from affected versions. Whether that guidance translates into formal regulatory action or broader restrictions on Anthropic products in China remains to be seen.

For Anthropic, the immediate priority will likely be demonstrating that its anti-abuse measures were proportionate, transparent, and compliant with international data governance standards. Its acknowledgement of the monitoring experiment, however it is framed, will require a clear public account of how user data was handled and what safeguards were in place.

With the Mythos situation still fresh, a live dispute with Alibaba over model distillation, and now a formal government filing from China, Anthropic is navigating a pivotal period in its history. How it responds in the coming weeks will shape how it is perceived on both sides of the geopolitical divide.

AI AssistantGenerative AI Security​Security and Compliance
Featured

Share This Post