China’s National Vulnerability Database (NVDB) said in a statement that Claude Code, Anthropic’s popular AI coding tool, contains “security backdoor vulnerabilities,” and warned users to either uninstall it or update to its latest version. According to the Wall Street Journal, versions of the tool released between April and June 2026 “can send sensitive information such as user location and identity to remote servers without the user’s consent due to a built-in monitoring mechanism.” It should be noted, though, that the Chinese government released this guidance even though the AI tool isn’t approved for public use in China. Anthropic has also restricted the use of its AI tools in the region due to national security risks.
Go deeper with TH Premium: AI and data centers
It seems that this directive stems from the revelation by developer Troye Sivan that Claude Code is covertly sending information like time zone and domains, targeting Chinese users. Anthropic engineer Thariq Shihipar confirmed on X that it was an experiment the company launched in June “to prevent account abuse from unauthorized resellers and protect against distillation.” He also added that “this should be fully rolled back in tomorrow’s release.”
Anthropic has already accused Chinese AI labs of distilling Claude twice — it said earlier this year that DeepSeek, alongside other Chinese developers, created 24,000 fraudulent accounts to train smaller models. It once again claimed in late June that Claude was distilled, this time by Alibaba. There have also been several reports that Claude API access is being resold in the grey market at 90% off through proxy networks.
It seems that Anthropic’s experiment has already concluded and that its tracking functions will no longer be hidden and will be baked directly into Claude Code, based on Shihipar’s statement. This is probably why the Chinese cybersecurity agency recommended that users update their Claude Code apps to the latest version. However, this is still a curious guidance — even though Claude Code is not directly banned in China, the government still requires all AI LLMs to undergo review, which Anthropic’s AI models did not go through.
Still, despite the dual bans, Chinese developers are finding ways to access Claude Code. More than that, Beijing is seemingly acknowledging this fact with its directive, telling people who use the AI tool to update their apps.
Follow Tom's Hardware on Google News, or add us as a preferred source, to get our latest news, analysis, & reviews in your feeds.

3 hours ago
5








English (US) ·