Chinese regulators have flagged a ”backdoor” in Anthropic’s Claude Code, urging companies to uninstall affected versions of the AI coding assistant. The Ministry of Industry and Information Technology’s cybersecurity arm says the tool secretly collected user geolocation and identifiers without consent, and embedded covert markers in system prompts via steganography. While Anthropic didn’t deny the tracking mechanism, it claims this was an experimental anti-model-distillation feature that has now been rolled back.

Reuters reported on the warning citing China’s National Vulnerability Database. Versions of Claude Code from 2.1.91 through 2.1.196 are implicated. Regulators are calling on organizations to urgently audit their systems and either remove these affected builds or update to software versions where the problematic code has been removed.

The Chinese authorities say the embedded mechanism transmitted users’ precise geolocation and personal identifiers to remote servers. Additionally, a concealed tracker reportedly collected timezone and proxy details, invisibly tagging certain system prompt requests. These tags allegedly enabled tracking of queries suspected to originate from or concern China.

Anthropic engineer Tarik Shihipar previously explained the feature launched in March as an experiment to combat model distillation-a process where competitors or unauthorized resellers flood requests through another company’s AI model to harvest outputs for training their own systems. Anthropic planned to remove the tracker anyway; after the controversy erupted, it fast-tracked disabling the feature in the next update.

Claude Code’s challenges in China’s regulatory environment

This raises a sensitive issue for Anthropic, which officially doesn’t serve the Chinese market. Yet Chinese developers and companies often circumvent access blocks via VPNs and proxies. For Beijing, this raises two concerns: hidden data collection and unauthorized use of a foreign AI tool bypassing local regulations.

Following the regulatory alert, Alibaba banned employee use of Claude Code starting July 10, switching them to its homegrown Qoder platform. This aligns with a broader push by Chinese tech giants to replace foreign AI tools with domestic alternatives. Major Chinese companies have already launched their own AI code assistants and models, so this scandal accelerates the shift.

The tensions aren’t new. Since February, Anthropic has publicly accused Chinese AI labs-including Alibaba’s Qwen-of mass distillation of Claude models. Meanwhile, OpenAI in 2024 tightened API access restrictions for users in China and Hong Kong. Chinese regulators have concurrently increased controls over cross-border data flows and generative AI security.

The competitive stakes go beyond pure model quality. The AI coding assistant market is rapidly expanding and includes rivals like GitHub Copilot, Cursor, Google’s Gemini Code Assist, and regional platforms like Qoder. These tools compete not only on model capabilities but also on integration within IDEs and command lines. Any hint of stealth telemetry damages user trust, especially since developers are highly sensitive about what data leaves their machines.

For Anthropic, the fallout will become clearer in the coming weeks as enterprise clients decide whether to view this as a flawed anti-fraud experiment or a breach of fundamental trust. China’s message is already clear: it’s easier to replace foreign AI tools with local solutions when telemetry practices are opaque. This sets a tough precedent not just for Claude Code but any overseas AI service navigating China’s complex regulatory and political landscape.

Source: Kod

Leave a comment

Your email address will not be published. Required fields are marked *