
BEIJING — A cybersecurity platform run by China’s industry ministry issued a warning Wednesday that it had found a serious security vulnerability — described as a “backdoor” — lurking inside Anthropic’s artificial intelligence coding tool, Claude Code.
The National Vulnerability Database, known as NVDB, published the alert through its official WeChat account, stating that Claude Code contains a built-in surveillance mechanism able to quietly transmit sensitive user data — including geographic location and identity-related identifiers — to remote servers, all without the user’s knowledge or approval.
According to the warning, the vulnerability affects Claude Code versions 2.1.91 through 2.1.196.
NVDB recommended that businesses and individual users take immediate action by reviewing any affected systems and either removing the compromised versions entirely or upgrading to the most recent release, which the database claims no longer contains the problematic code.
The agency also called on organizations to strengthen controls over external network access for development software and to boost monitoring of data traffic on core business networks in order to block any unauthorized movement of sensitive information.
The alert comes after Reuters reported last week that China’s Alibaba had prohibited its employees from using Claude Code on the job, following scrutiny of features within the tool that can reportedly help identify users with connections to China.
Anthropic had not responded to a request for comment at the time of publication.







