A New Front in the AI War: Beijing Flags ‘Security Backdoors’ in Anthropic’s Claude Code

China’s MIIT has warned of security backdoors in Anthropic’s Claude Code, alleging that versions of the AI tool exfiltrate sensitive user data to remote servers. The warning reflects deepening technological mistrust and a push by Beijing to promote domestic AI coding alternatives over Western software.

Share
Close-up of JavaScript code on a laptop screen, showcasing programming in progress.

Key Takeaways

  • 1MIIT's National Vulnerability Database (NVDB) identified critical risks in Claude Code versions 2.1.91 to 2.1.196.
  • 2The regulator claims the tool transmits sensitive metadata, such as user identity and location, without consent.
  • 3Official recommendations include the immediate uninstallation of the software or strict restriction of its network access within corporate environments.
  • 4The warning coincides with the rise of Chinese competitors like DeepSeek, highlighting a shift toward domestic AI development tools.

Editor's
Desk

Strategic Analysis

This alert is less about a specific technical glitch and more about the geopolitical 'securitization' of the AI development workflow. By targeting an agentic AI tool like Claude Code—which by definition requires high-level system permissions—the MIIT is defining the boundaries of 'safe' AI in the Chinese market. This creates a powerful 'compliance moat' that benefits domestic players who can offer similar capabilities while guaranteeing data residency within China. As AI agents become more autonomous, we should expect a surge in similar 'backdoor' allegations on both sides of the Pacific, further accelerating the decoupling of the global software supply chain.

China Daily Brief Editorial
Strategic Insight
China Daily Brief

China’s Ministry of Industry and Information Technology (MIIT) has issued a high-level warning regarding Claude Code, a specialized AI programming tool developed by the American startup Anthropic. The ministry’s National Vulnerability Database (NVDB) claims to have detected significant security backdoors within versions 2.1.91 through 2.1.196 of the software. According to the regulator, these vulnerabilities allow the tool to exfiltrate sensitive user data, including geographical location and identity identifiers, to remote servers without explicit user authorization.

Claude Code, like its competitors GitHub Copilot and Cursor, is designed to autonomously write, debug, and optimize code based on natural language prompts. While these tools have become indispensable for global software developers, Beijing’s alert highlights a growing anxiety over the 'black box' nature of AI agents that require deep access to a machine's file system and network. The MIIT has urged domestic enterprises and developers to immediately uninstall affected versions or upgrade to cleared security releases, while also tightening network monitoring to prevent unauthorized data transmission.

This move comes at a sensitive time in the US-China technological rivalry, as both nations increasingly view AI software as a potential vector for espionage or data harvesting. By flagging a high-profile Western AI tool, Beijing is signaling that its cybersecurity apparatus will subject generative AI applications to the same rigorous scrutiny previously reserved for hardware and traditional software suites. The timing is also conspicuous, as it coincides with the emergence of domestic alternatives like DeepSeek’s recently launched 'Deep Code,' which aims to capture the market share left behind by restricted Western services.

For international observers, the incident underscores the fragmenting landscape of the global developer ecosystem. As the 'Great Firewall' extends its reach into the IDE (Integrated Development Environment), the friction for multinational firms operating in China continues to mount. This regulatory push not only serves a defensive security purpose but also acts as an industrial policy tool, nudging China’s massive developer community toward a self-reliant, 'sovereign' AI stack that remains within the reach of local oversight.

Related Articles

📰
No related articles found