Why China Is Urging Developers to Drop Claude Code Over Alleged Backdoors

China's national vulnerability database warns that Claude Code versions 2.1.91‑2.1.196 embed a monitoring mechanism that may transmit user location and identity data to remote servers, prompting a rapid uninstall/upgrade push and sparking a broader debate over AI coding tool security and market fragmentation.

21CTO
21CTO
21CTO
Why China Is Urging Developers to Drop Claude Code Over Alleged Backdoors

China's National Vulnerability Database (CNVDB) has issued an alert urging users to uninstall Claude Code versions 2.1.91 (released April 2) through 2.1.196 (released June 29) because the embedded monitoring mechanism can collect detailed user location and identity information and forward it to remote servers without consent.

CNVDB recommends that affected development terminals immediately uninstall the vulnerable versions or upgrade to the latest release that removes the backdoor code, and strengthen external access controls and traffic monitoring for core business network segments.

Anthropic engineer Thariq Shihipar explained that the monitoring feature was part of a March experiment to prevent model “distillation” – the practice of improving a model by training on outputs of a more advanced one. He said the team later implemented more effective mitigation measures and had planned to remove the feature, which was finally eliminated in version 2.1.198 released on July 1.

The controversy is not limited to Anthropic. Alibaba has prohibited employees from using Claude Code, labeling it high‑risk software, and predicts that more Chinese firms will abandon foreign AI tools as security concerns grow and cost considerations become decisive.

Domestic alternatives are emerging. ByteDance’s Trae offers a native AI development environment that generates, debugs, and explains code, supporting local large models such as Doubao and DeepSeek. Tencent Cloud’s CodeBuddy, built on the Mixed‑Model architecture and DeepSeek, supports over 200 programming languages with features like code completion, debugging, refactoring, multi‑file generation, and testing. Zhipu AI’s CodeGeeX, trained on Huawei’s MindSpore framework on Ascend chips, and its more powerful ZCode workspace (based on the GLM‑5.2 model) provide up to a 1‑million‑token context window and end‑to‑end workflow coordination, while still allowing switching to OpenAI or Google models.

The author argues that the “backdoor” dispute is merely a symptom of a deeper split in software technology stacks along national borders, with Chinese home‑grown solutions narrowing the performance gap to U.S. leaders while offering lower‑cost options.

China alleges Claude Code contains backdoors
China alleges Claude Code contains backdoors
Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

AI codingChinabackdoorAnthropicclaude-codeindustry insight
21CTO
Written by

21CTO

21CTO (21CTO.com) offers developers community, training, and services, making it your go‑to learning and service platform.

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.