China: Ditch older Claude versions with backdoor code
Jump to main content
Search
REG AD
Security
China tells devs to ditch Claude Code over 'backdoor code' fears
National vulnerability database claims monitoring mechanism can forward Chinese users' data to remote servers
Connor Jones
Connor<br>Jones
Cybersecurity reporter
Published<br>wed 8 Jul 2026 // 14:58 UTC
China's National Vulnerability Database (CNVDB) is urging developers to uninstall recent Claude Code versions over the fear that they can scoop up sensitive user data without consent.<br>Referring to it as "backdoor code," the state-run body claimed over WeChat and in an online statement that a "built-in monitoring mechanism" can gather details such as a user's location and identity, and forward them to remote servers.<br>It said the alert only applies to Claude Code versions 2.1.91 (April 2) to 2.1.196 (June 29). "It is recommended that relevant units and users immediately conduct a comprehensive investigation," CNVDB said on Wednesday.
REG AD
"For development terminals with the above-mentioned affected versions installed, immediately uninstall or upgrade to the latest secure version with the relevant backdoor code removed; strengthen the control of external access permissions and traffic monitoring of development tools within core business network segments to prevent the unauthorized transmission of sensitive data."
REG AD
The Register asked Claude maker Anthropic to comment, but it did not immediately respond.<br>Neither did Anthropic answer our questions last week about its covert code designed to prevent competing AI companies from extracting intel about Claude's inner workings.<br>Claude Code engineer Thariq Shihipar stated publicly that Anthropic launched an experiment in March to protect against model distillation – a process by which AI companies try to improve their models by training them on the answers of those that are more advanced.<br>"The team has landed stronger mitigations since then and we've actually been meaning to take this down for a while," he said. The secret steganography system was removed in version 2.1.198, released on July 1.
MORE CONTEXT
Anthropic is removing its covert code for catching Chinese competitors
Anthropic reserves right to check ID for Claude subs
New humanoid robots from China look like creepy pop star action figures – complete with slightly dodgy lip-synch
China's agentic AI policy wants to keep humans in the loop
We had asked Anthropic whether it disclosed this mechanism in its terms of service documents, but it referred us to Shihipar's statement, which did not address the question.<br>Anthropic's alleged tracking of Chinese users is not the only matter contributing to souring relations between the AI company and China. It was also embroiled in a public spat with Chinese tech giant Alibaba, which it accused of using Claude's outputs to improve Alibaba models.<br>According to a letter to two US senators seen by Reuters, it was the largest attack on Anthropic's AI that the company had ever seen.<br>More recently, Alibaba banned its staff from using Claude over fears it could be used to identify Chinese users, according to the South China Morning Post. ®
security
REG AD
ai and ml
OpenAI job listing suggests ChatGPT could someday replace junior analysts at Goldman Sachs
What, did someone get some bad news during their IPO process or something?
security
GitHub Copilot: Sorry Dave, I can't do that harmful thing - unless you ask me in code
More fun with AI jailbreaks, this time at the workflow level
Put all your data and AI to work and get it out of silos and lakehouses
PARTNER CONTENT: In the agentic era, intelligence has to be where the agents and data are acting, not separated from it.
Virtualization
Allstate Insurance quits Broadcom, alleges vengeful license audit on the way out
CA and VMware both suing insurance giant
networks
Media Over QUIC can scale real-time streaming and carry the world's vids
The low latency of WebRTC, the scalability of DASH, and perhaps no need for CDNs
PERSONAL TECH
AI memory crunch takes a bite out of PC shipments
IDC warns smaller players may struggle as DRAM drought drags on
MOST POPULAR
ai and ml
Even banks and hyperscalers are now sounding the alarm about the AI bubble
Security
Hackers shoveled snow for company, were rewarded with network admin access
OFFBEAT
C programmers commit fresh crimes against readability
AI AND ML
New humanoid robots from China look like creepy pop star action figures – complete with slightly dodgy lip-synch
os platforms
Former Microsoft engineer shrinks Notepad down to size
AI
AI and ML
AI is becoming a bargain hunter's market, with a few luxury models on top
Inference is become a commodity except for frontier models
AI and ML
South Korean chip startup FuriosaAI invades European datacenters
RNGD accelerators land in Equinix's Lisbon DCs
AI and ML
Enterprise AI still smarting from leaping before looking
Majority...