China's cybersecurity authorities have raised alarm over potential security vulnerabilities in Anthropic's Claude Code, an artificial intelligence coding agent developed by the San Francisco startup. According to China's National Vulnerability Database, the tool allegedly contains what it describes as a "security backdoor" that could enable unauthorized transmission of sensitive user information, including location data and identity-related identifiers, back to Anthropic's servers without explicit user permission.
Claude Code functions as an AI-powered development tool capable of generating, debugging, and reviewing computer code based on user instructions and prompts. The system has gained traction among software developers seeking to accelerate their workflow and reduce manual coding errors. However, the alleged vulnerability has triggered concerns across major Chinese enterprises, with implications for how international tech companies manage data collection practices in increasingly sensitive jurisdictions.
The warning came from China's National Vulnerability Database, an official cybersecurity platform overseen by the Ministry of Industry and Information Technology. The NVDB issued a formal advisory on its website stating that it had "detected that the AI coding tool Claude Code contains security backdoor risks, posing a severe threat" to users and organizations. The advisory recommended that institutions and individual users conduct immediate comprehensive reviews of their systems and either uninstall the tool or upgrade to a version where the alleged backdoor code has been removed.
Anthropoc has implemented regional restrictions to prevent access from users and entities in China and other nations it considers strategically adverse. Nevertheless, Chinese users and organizations have continued accessing the platform through virtual private networks and third-party proxy services, creating a grey zone where Anthropic's safeguards prove ineffective. This technical circumvention highlights the ongoing friction between Western AI developers and Chinese regulatory bodies over data sovereignty and national security concerns.
The cybersecurity allegations gained particular weight when Alibaba, one of China's largest technology conglomerates, announced an immediate ban on Claude Code usage effective July 10. According to individuals with direct knowledge of the decision, Alibaba communicated the prohibition to its workforce due to unspecified security concerns. The decision by such a high-profile corporation sends a powerful signal to other Chinese technology companies and reflects broader skepticism about international AI tools' data handling practices.
Historical friction between Anthropic and Chinese technology firms adds context to the current dispute. Anthropic has previously accused Alibaba of engaging in a practice known as "distillation," whereby the company allegedly reverse-engineered Anthropic's proprietary AI models to reproduce their capabilities and functionality. Such allegations underscore the competitive pressures and intellectual property tensions that characterize the global AI industry, particularly between American startups and Chinese technology giants.
Thariq Shihipar, an engineer at Claude Code, offered a substantially different interpretation of the data collection practices. In a post on the social media platform X, Shihipar acknowledged that the tool was indeed tracking certain data from Chinese users, but characterized this as a controlled experiment launched in March specifically designed to identify and prevent account abuse originating from unauthorized resellers. The engineer further explained that the tracking mechanism served to protect Anthropic's intellectual property against distillation attempts, the very practice the company had previously accused Alibaba of pursuing.
Shihipar's explanation reframes the controversy as a defensive measure rather than a malicious backdoor. He indicated that Anthropic had subsequently developed what the team considered stronger alternative safeguards against abuse and distillation. The engineer confirmed that the original tracking experiment was always intended to be temporary, and that the company had actually been planning to remove this functionality for some time. He stated that the data collection mechanism would be "fully rolled back" in the scheduled release dated July 2, suggesting the issue was already in resolution before the Chinese authorities made their formal complaint.
The incident illustrates the complex relationship between Silicon Valley AI developers and Chinese regulatory authorities. While Anthropic explicitly restricts access from mainland China, the company's products remain accessible through technical workarounds, placing the startup in a difficult position. It must balance protecting its intellectual property against distillation while simultaneously managing data privacy concerns raised by Chinese government bodies and major corporate users in the region.
For Malaysian and Southeast Asian technology stakeholders, the dispute carries significant implications. Regional enterprises that rely on international AI tools face growing pressure to demonstrate compliance with evolving cybersecurity standards, particularly as China and other nations implement stricter data protection frameworks. The incident underscores the emerging pattern whereby geopolitical tensions translate into practical restrictions on technology adoption, forcing organizations to make difficult choices between advanced AI capabilities and perceived security risks.
The controversy also highlights the broader challenge facing international AI companies operating across jurisdictions with divergent regulatory philosophies and security priorities. Anthropic's response—removing the data collection mechanism—represents a concession to Chinese pressure, even though the company contests the characterization of its practices. This pattern may establish precedent for how Western AI firms address similar allegations from other governments, potentially leading to increasingly fragmented AI services tailored to different regional requirements.
As the global AI landscape continues to mature, incidents like this underscore the necessity for greater transparency in how these tools collect, store, and utilize user data. Regional technology leaders and policymakers across Southeast Asia will likely scrutinize similar concerns about international AI platforms, potentially leading to their own investigative efforts and policy responses. The intersection of artificial intelligence development, intellectual property protection, and data sovereignty remains a critical flashpoint for international technology governance.
