Voz media US Voz.us

China warns of an alleged 'backdoor' in Anthropic's Claude Code AI tool

Claude Code is an AI-powered programming assistant capable of generating code, debugging software and reviewing computer projects based on user instructions.

Anthropic. File photo

Anthropic. File photoNurPhoto via AFP.

Diane Hernández
Published by

The National Vulnerability Database of China (NVDB), an agency affiliated with the Ministry of Industry and Information Technology, warned on Wednesday about the existence of an alleged "security backdoor" in some versions of Claude Code, the AI-assisted programming tool developed by the U.S. company Anthropic.

According to the Chinese regulator, this functionality could allow the software to transmit confidential information, such as users’ locations and certain identifiers related to their identity, to Anthropic’s servers without the consent of those using the platform.

Claude Code is an AI-based programming assistant capable of generating code, debugging software and reviewing computer projects based on user instructions.

Anthropic restricts access to its products in China

Although Anthropic restricts access to its products in China and other countries it considers high-risk, the tool continues to be used in the country via virtual private networks (VPNs) and third-party proxy services.

The NVDB stated in a press release published on its website that it detected “backdoor security risks” in the tool, which, according to the agency, pose a “serious threat.” Consequently, it recommended that users and institutions immediately review their systems and uninstall or update the software to a version in which, it claims, the questionable code has been removed. It also urged them to strengthen monitoring of network traffic to prevent potential leaks of sensitive data.

According to AFP, Anthropic did not respond to requests for comment on the allegations, which began circulating last week in technology-focused media outlets.

The agency also reported, citing sources familiar with the matter, that the Chinese tech giant Alibaba recently informed its employees that it will ban the use of Claude Code starting July 10 due to security concerns.

Anthropic accused Alibaba of using reverse engineering techniques

The controversy comes amid growing tensions between the two companies. Previously, Anthropic accused Alibaba of using reverse-engineering techniques on its artificial intelligence models through a process known as “distillation,” with the aim of replicating their capabilities.

​However, a Claude Code engineer, Thariq Shihipar, responded to the allegations last week in a post on the social media platform X. As he explained, the functionality in question was part of an experiment implemented in March to detect abuses related to unauthorized resellers and account fragmentation.

​“Since then, the team has implemented more effective mitigation measures, and we’ve been planning to remove this for some time… it should be completely rolled back in tomorrow’s release,” the engineer wrote, referring to the removal of that mechanism.
tracking