- China’s national vulnerability database warns that Claude Code contains spyware
- Alibaba recently banned the use of Claude internally over fears of tracking users
- Anthropic says it is designed to prevent model distillation and illegal use
China has accused Anthropic’s Code Claude of containing what it describes as “security backdoor vulnerabilities” after the country’s National Vulnerability Database (CNVDB) found mechanisms capable of transmitting user information to Anthropic’s servers without the user’s explicit permission.
Investigators accuse the software vendor of collecting information such as user identity, geographic location, system environment information, and other machine metadata.
The so-called “backdoor” poses risks of data leakage, intellectual property exposure, and other business risks, hence Alibaba’s recent decision to ban Claude Code internally.
China backs Alibaba’s accusations about Claude Code and Anthropic
Alibaba engineers reverse engineered Claude Code to reveal checks on Chinese system time zones, proxy servers, AI lab infrastructure, and network characteristics.
Chinese authorities now recommend users uninstall vulnerable versions to update to newer versions that eliminate or alter this behavior. CNVDB states that versions 2.1.91 to 2.1.196 are affected,
While Anthropic has rejected claims that Claude Code contains malicious spyware or an intentional spy backdoor, it has admitted that those functionalities do support it, framing the purpose as an anti-abuse experiment. Anthropic has been concerned about unauthorized reselling and distillation of models, which it has already accused Alibaba of.
VPNs, proxies, alternative cloud solutions, and international subsidiaries have also emerged to give developers access to tools that would otherwise be restricted, hence Anthropic’s work to block access where it is restricted.
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.




