China flags security risk in Anthropic coding tool Claude Code
China’s industry ministry said some Claude Code versions pose a data security threat, as scrutiny of U.S. AI tools grows in the country.
By Amanda Ross · Deals Correspondent
· 3 min read
China’s Ministry of Industry and Information Technology said Wednesday that some versions of Anthropic’s Claude Code artificial intelligence coding tool contain a security flaw that could expose sensitive user data. The warning adds a cybersecurity dimension to a widening U.S.-China contest over advanced AI systems and their use inside Chinese companies.
The ministry said its cybersecurity threat platform had identified what it described as a “back-door” vulnerability in Claude Code. In a Chinese-language statement, the platform said the autonomous coding tool could transmit sensitive information to a remote server without user consent, according to CNBC’s translation.
The information at risk could include a user’s location and identity, the cybersecurity platform said. It described the issue as a serious threat and advised users to remove the affected software or upgrade away from the versions it listed.
The affected Claude Code versions are 2.1.91 through 2.1.196, according to the Chinese cybersecurity platform. Anthropic’s changelog shows those releases covered the period from April 2 to June 29, while the latest version listed on Anthropic’s website as of Wednesday was 2.1.204.
AI coding tools draw regulatory attention
Claude Code is an AI-assisted software development tool from Anthropic, a U.S.-based AI company. Such tools can help write, review and modify code, and their access to development environments can make data handling and permissions a core security issue for companies that use them.
China’s warning did not provide public technical details beyond the alleged data transmission risk. Anthropic did not immediately respond to CNBC’s request for comment.
The notice comes after Anthropic last month accused Alibaba of trying to extract its AI capabilities, according to CNBC. Anthropic’s services are not officially available in China, and Alibaba did not comment on those accusations at the time.
Despite those access restrictions, some users in China have found ways to use U.S. AI systems. At a state-organized forum in March, a Xiaomi AI developer said many people were using Claude Code, CNBC reported.
Alibaba has also told employees to stop using Anthropic tools for work beginning July 10, CNBC confirmed Monday. The company’s internal move highlights the operational risk for Chinese businesses that have relied on foreign AI services that may sit outside formal domestic access channels.
Security warning lands amid U.S.-China AI rivalry
The Claude Code notice fits into a broader pattern of scrutiny around foreign technology in China, especially in fields with strategic value such as AI, cloud infrastructure and software development. Beijing has emphasized data security and technological self-reliance as competition with Washington has intensified.
For companies, AI coding assistants can increase productivity but may also raise questions over where prompts, source code, credentials or system metadata are processed. If a tool sends data to external servers, users and employers may need controls over what information leaves their internal systems.
The Chinese platform’s recommendation was direct: users of the affected versions should uninstall Claude Code or upgrade. Anthropic’s website indicates that newer releases are available, though the company had not commented publicly to CNBC on China’s specific vulnerability claim.
This story draws on original reporting from CNBC.