Chinaβs National Vulnerability Database (CNVDB) has formally flagged Anthropicβs Claude Code as containing βsecurity backdoor vulnerabilitiesβ and urged users to uninstall affected releases and upgrade to newer versions that remove or alter this behavior.
The database claims versions 2.1.91 to 2.1.196 are affected and can transmit user data to Anthropicβs servers without explicit user consent.
Anthropic has pushed back against the characterization, denying that Claude Code contains malicious spyware or an intentional espionage backdoor. However, the company has acknowledged that the functionality in question does exist, framing it as part of an anti-abuse experiment rather than a deliberate attempt to surveil users.
What the CNVDB Actually Found
According to the CNVDBβs findings, the alleged vulnerabilities center on mechanisms capable of collecting user identity information, geographic location data, system environment details, and broader machine metadata. Chinese researchers claim this data could be relayed to Anthropicβs servers without usersβ knowledge or consent.
The concerns were initially raised by Alibaba engineers, who reverse-engineered Claude Code and identified checks for Chinese system time zones, proxy servers, AI lab infrastructure, and specific network characteristics. That discovery prompted Alibaba to ban the tool internally ahead of the formal government filing.
Anthropic maintains that the monitoring mechanism was an experimental measure designed to detect and prevent unauthorized account resale and model distillation, not to harvest sensitive user data. The company says the experiment was conducted solely to protect service integrity.
Keith King, Founder and Managing Principal at Q Advisory, says the companyβs explanation has done little to settle the matter: βAnthropic acknowledged that an experiment had been conducted, stating that its purpose was to protect service integrity rather than collect sensitive user information for broader purposes,β he said.
βThe reported functionality has since become a focus of public scrutiny regarding transparency and user consent.β
The CNVDB advisory also highlights downstream risks, including potential data leakage, intellectual property exposure, and broader enterprise security vulnerabilities for organizations running the affected versions.
A Dispute That Doesnβt Exist in a Vacuum
The CNVDB filing arrives amid an active dispute between Anthropic and Alibaba. Last month, Anthropic accused the Chinese technology giant of conducting a large-scale distillation campaign and called for US government intervention. That accusation heightened tensions between the two companies and appears to have directly informed Anthropicβs decision to implement the monitoring mechanisms now at the center of the Chinese governmentβs complaint. King says the row is symptomatic of something larger:
βA new dispute between China and Anthropic underscores the escalating geopolitical tensions surrounding AI, software transparency, and cross-border data governance.β
VPNs, proxies, cloud workarounds, and international subsidiaries have also emerged as common methods for developers to access Anthropic tools in markets where they are otherwise restricted, reinforcing the companyβs motivation to track and block unauthorized usage.
Yet the security pressures facing Anthropic are not limited to its relationship with China. Just last month, the US government banned the companyβs most recent and capable frontier model, Mythos, citing security flaws that allowed it to be jailbroken. The decision marked a significant moment for the company. Mythos has since been reinstated, though in a more restricted capacity.
The sequence of events illustrates the dual pressure Anthropic is navigating: scrutiny from foreign governments over alleged data collection on one side, and scrutiny from its own government over the risks its most powerful models may pose on the other.
King captured the dynamic succinctly: βTechnical security concerns are increasingly intertwined with geopolitical competition and national policy.β
What Comes Next
The CNVDBβs ruling places Anthropic in a difficult position. It must address legitimate transparency questions surrounding the monitoring functionality while defending itself against what it characterizes as a misrepresentation of its intent, all within an environment of heightened regulatory scrutiny on both sides of the Pacific.
Chinese authorities are pressing ahead with their advisory, urging users to transition away from affected versions. Whether that guidance translates into formal regulatory action or broader restrictions on Anthropic products in China remains to be seen.
For Anthropic, the immediate priority will likely be demonstrating that its anti-abuse measures were proportionate, transparent, and compliant with international data governance standards. Its acknowledgement of the monitoring experiment, however it is framed, will require a clear public account of how user data was handled and what safeguards were in place.
With the Mythos situation still fresh, a live dispute with Alibaba over model distillation, and now a formal government filing from China, Anthropic is navigating a pivotal period in its history. How it responds in the coming weeks will shape how it is perceived on both sides of the geopolitical divide.