China Says Claude Code Had a Backdoor: AI Security Warning or Geopolitical Counterattack?
China’s vulnerability database has warned users to uninstall or upgrade Claude Code, claiming older versions transmitted location and identity data. Anthropic says it was an anti-abuse measure.
China’s National Vulnerability Database has issued an official warning about Anthropic’s Claude Code, alleging that older versions contained a built-in monitoring mechanism capable of transmitting sensitive information, including geographic location and identity-related identifiers, to remote servers without user consent. The warning advised organizations and users to uninstall or upgrade affected versions.
Anthropic disputes the framing. The company says the code in question was an anti-abuse measure aimed at unauthorized use and account evasion, not a malicious backdoor. It also notes that Claude Code was not authorized for use in China in the first place. Alibaba reportedly banned internal use of the tool before the government warning, turning a company-level security dispute into a national AI-sovereignty issue.
This story is not only about one coding tool. It is about trust in AI infrastructure during a U.S.-China technology war.
From China’s perspective, the warning is easy to justify. If a foreign AI coding tool can detect location, proxy use or account identity and report that information back to a U.S. company, Chinese agencies and firms will see a security risk. Even if the intention is anti-abuse, the capability looks like surveillance. In a world where code assistants may read proprietary software, security credentials, infrastructure scripts and internal documents, trust is everything.
From Anthropic’s perspective, the problem is also real. The company has accused Chinese labs and users of illicit distillation: using Claude outputs to train competing models. If unauthorized users bypass restrictions at scale, Anthropic has an incentive to detect and block them. Anti-abuse systems are common across software platforms. The question is whether such measures were disclosed properly, limited appropriately and safe for enterprise users.
Neither side is fully innocent. U.S. AI firms want to protect intellectual property and restrict access to adversarial jurisdictions. Chinese firms and regulators want to reduce dependence on American models and expose any behavior that can be framed as a security threat. The result is a perfect escalation loop: anti-abuse code becomes “backdoor,” security warning becomes industrial policy, and developers are left wondering which tools they can trust.
The broader implications are enormous. AI coding assistants are becoming part of the software supply chain. If governments begin treating them like strategic infrastructure, every telemetry function, model update and remote call becomes geopolitically sensitive. A tool that helps write code may also reveal what code a company is writing.
This will accelerate AI decoupling. Chinese developers may move toward domestic models such as DeepSeek, Qwen, GLM or Kimi. U.S. companies may harden access controls and monitor foreign use more aggressively. Enterprises worldwide will demand local deployment, audit logs and transparent telemetry. Open-source models will gain appeal because they can be inspected and run locally, even if they lag at the frontier.
The headline says China told a country to uninstall Claude. The deeper story is that AI trust is breaking along national lines. The next AI war may not begin with a model benchmark. It may begin with a security advisory.