China Warns Developers to Uninstall Claude Code: Backdoor Risk or AI Cold War Retaliation?
China’s vulnerability warning against Claude Code has turned a technical detection feature into a geopolitical trust crisis around American AI tools.
China’s National Vulnerability Database has issued a security warning about Anthropic’s Claude Code, reportedly flagging a “backdoor” risk and urging organizations to uninstall or upgrade affected versions. The warning follows a fast-moving controversy over hidden telemetry-like behavior allegedly designed to detect Chinese users, proxy activity and potential abuse.
The timeline is striking. A developer reverse-engineered Claude Code and claimed to find hidden signals tied to time zones and proxy connections. Those signals were allegedly encoded in subtle formatting changes that Anthropic servers could read. An Anthropic engineer reportedly described the code as a March experiment aimed at catching account abuse and preventing model distillation. Alibaba then banned the tool internally, and China’s government-backed vulnerability infrastructure elevated the issue into a national warning.
This is not a normal software bug story. It sits at the center of the AI Cold War. Anthropic has reason to worry about distillation. Western AI firms accuse Chinese companies and users of extracting capabilities from American frontier models by generating enormous volumes of outputs and training rival systems on them. If a model is blocked in China but accessed through fake accounts, proxies or offshore routes, detection mechanisms become part of corporate defense.
China has reason to worry about American AI tools. If code-writing assistants collect signals about users, locations, repositories, prompts or workflows, they can become intelligence risks. In a world where AI coding tools are embedded inside companies, labs and government contractors, trust is not optional. A feature that a U.S. company calls anti-abuse telemetry may look to Beijing like a surveillance backdoor.
Both sides can be partly right. Anthropic may have built detection to protect intellectual property. Chinese authorities may still see that detection as an unacceptable hidden channel. The technical intent does not eliminate the security concern.
The headline says China told developers to uninstall Claude Code. The deeper question is whether any frontier AI tool can remain global when its telemetry, weights, prompts and access rules are all seen as instruments of national power. This story is not really about one coding tool. It is about who controls the software layer of the next economy.