China's industry regulator flags 'backdoor' risk in Claude Code
Release time:2026-07-08

China's industry regulator has flagged security risks in Claude Code, an artificial intelligence programming tool developed by US startup Anthropic, warning that certain versions could expose sensitive user information through unauthorized data transmission.

The Ministry of Industry and Information Technology's Network Security Threat and Vulnerability Information Sharing Platform said on Wednesday that it had detected a potential "backdoor" risk in Claude Code, describing the threat as serious.

Claude Code, an AI coding assistant that can independently generate, debug, and modify software based on natural-language instructions, has become part of a new wave of AI tools reshaping software development.

The NVDB said affected versions range from 2.1.91 to 2.1.196. It alleged that the tool's built-in monitoring mechanisms could transmit sensitive information — including users' location data and identity-related identifiers — to remote servers without user authorization.

The platform urged companies and developers using affected versions to immediately conduct security checks and remove the vulnerable versions or upgrade to the latest releases that have eliminated the relevant code.

It also advised organizations to tighten controls over external connections from development tools on critical business networks and strengthen traffic monitoring to prevent unauthorized leakage of sensitive data.