Stock Markets July 8, 2026 10:28 AM

China Warns of Alleged 'Backdoor' in Anthropic’s Claude Code; Alibaba Restricts Employee Use

National Vulnerability Database flags built-in monitoring mechanism in specific Claude Code releases; Anthropic describes it as an experimental anti-abuse feature

By Hana Yamamoto
Share
Twitter Reddit Facebook LinkedIn
BABA

China’s National Vulnerability Database has issued an alert saying Anthropic’s AI coding assistant Claude Code contains a built-in monitoring mechanism that can transmit sensitive information, including users’ geographic locations and identity-related identifiers, to remote servers without consent. The advisory covers Claude Code versions 2.1.91 through 2.1.196. The database recommended that users uninstall impacted releases or update to a secure release, and tighten external network access and traffic monitoring. Alibaba has banned employee use of Claude Code at work. Anthropic says the code in question is an experimental anti-abuse mechanism and that Claude is not accessible in China.

China Warns of Alleged 'Backdoor' in Anthropic’s Claude Code; Alibaba Restricts Employee Use
BABA
Summarize with
ChatGPT Perplexity Claude Grok Gemini

Key Points

  • National Vulnerability Database says Claude Code contains a monitoring mechanism that can transmit geographic and identity-related identifiers to remote servers without consent.
  • The advisory covers Claude Code versions 2.1.91 through 2.1.196 and recommends uninstalling affected releases or upgrading to a secure release.
  • Alibaba has banned employee use of Claude Code at work; Anthropic characterizes the flagged code as an experimental anti-abuse mechanism and says Claude is not permitted in China.

China’s cybersecurity authorities have raised a formal alarm about a potential security vulnerability in Anthropic’s AI-assisted coding tool, Claude Code. In a notice posted on its WeChat account, the National Vulnerability Database described the issue as a serious "backdoor" risk, saying a built-in monitoring mechanism could send sensitive data to remote servers without users’ consent.

The advisory specifies that the vulnerability affects Claude Code versions 2.1.91 through 2.1.196. According to the notice, the monitoring mechanism is capable of transmitting information that includes users’ geographic location and identity-related identifiers to external servers.

The database urged organizations and individual users to immediately evaluate systems running the impacted releases. It recommended either uninstalling the affected versions or upgrading to the latest secure release in which the alleged backdoor code has been removed.

Beyond removal or upgrade, the advisory called on organizations to strengthen operational controls. Recommended measures include tightening external network access for development tools and enhancing traffic monitoring on core business networks to help prevent unauthorized transfers of sensitive information.

Following scrutiny of the tool’s features, China’s Alibaba has banned employees from using Claude Code at work. The company’s decision came after concerns were raised about capabilities that could assist in identifying China-linked users.

Anthropic responded to the reports by saying that what has been described as a "backdoor" is in fact an experimental anti-abuse mechanism. The company also stated that access to Claude is not permitted in China.


Key points

  • The National Vulnerability Database identified a potential monitoring mechanism in Claude Code that can transmit geographic and identity-related data to remote servers.
  • The warning applies to Claude Code versions 2.1.91 through 2.1.196; affected users were advised to uninstall or update to a secure release.
  • Alibaba has prohibited employee use of Claude Code at work; Anthropic says the code is an experimental anti-abuse feature and that Claude is not available in China.

Risks and uncertainties

  • Potential unauthorized transfer of sensitive user data - this presents a direct cybersecurity risk for enterprises using affected development tools.
  • Operational disruption for organizations that adopt stringent network controls or remove impacted software - IT and developer productivity may be affected.
  • Regulatory and reputational exposure for software vendors and platform users if sensitive data transfers are confirmed - relevant for technology and enterprise software sectors.

Risks

  • Unauthorized transfer of sensitive data could expose enterprises to cybersecurity breaches - impacts technology and enterprise software sectors.
  • Immediate mitigation steps such as uninstalling or upgrading may disrupt developer workflows and IT operations - impacts corporate IT and developer productivity.
  • Potential regulatory scrutiny and reputational harm if the data transfer capabilities are validated - impacts software vendors and corporate users.

More from Stock Markets

Blue Owl-backed Kirkwood to Build Fiber and Conduit Network for Hyperscale Data Centers Jul 8, 2026 Casablanca benchmark slips as banks, utilities and miners weigh on market Jul 8, 2026 Beijing Eases Chip Ban: Limited H200 Sales to Top Chinese AI Firms Jul 8, 2026 Prime Medicine Secures Rights to PM647 in Arbitration, Shares Rise Jul 8, 2026 Athens stocks slide as banking, telecoms and household sectors pull benchmark down Jul 8, 2026