Why China Is Urging Developers to Drop Claude Code Over Alleged Backdoors
China's national vulnerability database warns that Claude Code versions 2.1.91‑2.1.196 embed a monitoring mechanism that may transmit user location and identity data to remote servers, prompting a rapid uninstall/upgrade push and sparking a broader debate over AI coding tool security and market fragmentation.
China's National Vulnerability Database (CNVDB) has issued an alert urging users to uninstall Claude Code versions 2.1.91 (released April 2) through 2.1.196 (released June 29) because the embedded monitoring mechanism can collect detailed user location and identity information and forward it to remote servers without consent.
CNVDB recommends that affected development terminals immediately uninstall the vulnerable versions or upgrade to the latest release that removes the backdoor code, and strengthen external access controls and traffic monitoring for core business network segments.
Anthropic engineer Thariq Shihipar explained that the monitoring feature was part of a March experiment to prevent model “distillation” – the practice of improving a model by training on outputs of a more advanced one. He said the team later implemented more effective mitigation measures and had planned to remove the feature, which was finally eliminated in version 2.1.198 released on July 1.
The controversy is not limited to Anthropic. Alibaba has prohibited employees from using Claude Code, labeling it high‑risk software, and predicts that more Chinese firms will abandon foreign AI tools as security concerns grow and cost considerations become decisive.
Domestic alternatives are emerging. ByteDance’s Trae offers a native AI development environment that generates, debugs, and explains code, supporting local large models such as Doubao and DeepSeek. Tencent Cloud’s CodeBuddy, built on the Mixed‑Model architecture and DeepSeek, supports over 200 programming languages with features like code completion, debugging, refactoring, multi‑file generation, and testing. Zhipu AI’s CodeGeeX, trained on Huawei’s MindSpore framework on Ascend chips, and its more powerful ZCode workspace (based on the GLM‑5.2 model) provide up to a 1‑million‑token context window and end‑to‑end workflow coordination, while still allowing switching to OpenAI or Google models.
The author argues that the “backdoor” dispute is merely a symptom of a deeper split in software technology stacks along national borders, with Chinese home‑grown solutions narrowing the performance gap to U.S. leaders while offering lower‑cost options.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
21CTO
21CTO (21CTO.com) offers developers community, training, and services, making it your go‑to learning and service platform.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.
