- China’s National Vulnerability Database warns that Claude Code contains spyware
- Alibaba recently banned Claude from internal use due to fears of user tracking
- Anthropic says it’s designed to prevent model distillation and illegal use
China has accused Anthropic’s Claude Code of containing what it describes as “security backdoor vulnerabilities” after the country’s National Vulnerability Database (CNVDB) found mechanisms capable of transferring user information to Anthropic servers without explicit user permission.
Researchers accuse the software vendor of collecting information such as user identity, geographic location, system environment information and other machine metadata.
The alleged “backdoor” poses risks of data leakage, IP exposure and other business risks, hence Alibaba’s recent decision to ban Claude Code internally.
China Backs Alibaba Accusations Regarding Claude Code, Anthropic
Alibaba engineers reverse-engineered the Claude Code to reveal controls for Chinese system time zones, proxy servers, AI lab infrastructure, and network characteristics.
Chinese authorities are now advising users to uninstall vulnerable releases to upgrade to newer versions that remove or modify this behavior. CNVDB claims that versions 2.1.91 to 2.1.196 are affected,
While Anthropic has denied claims that Claude Code contains malicious spyware or a deliberate espionage backdoor, it has admitted that these features do, framing its purpose as an anti-abuse experiment. Anthropic has been concerned about unauthorized reselling and model distillation, which it has already accused Alibaba of doing.
VPNs, proxies, cloud solutions and international subsidiaries have also emerged to give developers access to the otherwise restricted tools, hence Anthropic’s work to block access where it is restricted.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds.



