China reported detecting a possible security flaw in Claude Code, the AI-based programming tool developed by Anthropic. This specific alert refers to certain versions of the software and suggests unauthorized transmission of user data to remotely located servers.
Security Alert Details
As reported by Reuters, China's National Vulnerability Database (NVDB) identified a mechanism within Claude Code capable of transmitting information classified as sensitive. In a statement released via WeChat, the agency linked to China's Ministry of Industry clarified that this feature could expose data such as users' geographical location and personal identifiers to external servers without proper consent.
The security advisory covers versions of Claude Code between 2.1.91 and 2.1.196. The NVDB advised both companies and affected users to conduct a thorough review of impacted systems and implement various protective measures, such as uninstalling vulnerable versions, updating the software to the latest version, strengthening access controls to external networks, and actively monitoring data flow on corporate networks.
For the Chinese authority, this alleged mechanism represents a 'serious threat,' especially in professional contexts where AI tools are used in software development.
Anthropic's Contestations and Security Experiments
This questioning emerged amid the global competition for advancements in artificial intelligence. Claude Code, created by Anthropic, is widely used by engineers and researchers to assist with programming tasks. The controversy gained momentum after a Reddit post alleged that the company had secretly incorporated code into the software intended to track users associated with China.
An Anthropic collaborator contested this allegation on the social network X, explaining that the code was part of an experiment initiated in March. According to this employee, the purpose of this initiative was twofold: to prevent the misuse of accounts by unauthorized resellers and to prevent distillation processes.
Additionally, Anthropic itself had previously accused Chinese AI companies, including Alibaba, of improperly using its models through distillation, which involves training a new system based on responses generated by another existing model.
Corporate and Regulatory Impact
Following the increase in discussions about the tool's identification features, Alibaba mandated a ban on its employees using Claude Code for work activities. Anthropic did not provide an immediate response to requests for comment regarding the Chinese government's statement. It should be noted that the American company had previously stated that Chinese companies were not eligible to access Claude.
Although China has not yet given official approval for Anthropic's services for public use within its territory, Chinese researchers and engineers have continued to access the model through external connections, often with the support of their employers. This incident demonstrates that, beyond performance metrics and innovation, artificial intelligence tools are being evaluated for their potential impact on privacy, information control, and digital security.
