China's MIIT Flags 'Backdoor' Risk in Anthropic's Claude Code
TL;DR
- China's NVDB, run by MIIT, flagged Claude Code versions 2.1.91 through 2.1.196 for transmitting location and identity data without user consent.
- Anthropic engineer Thariq Shihipar said on X the code was a March experiment against unauthorised resellers; the removal pull request merged on July 1.
- Alibaba is banning Claude Code from employee workstations starting July 10 and directing staff to its in-house Qoder platform instead.
China's Ministry of Industry and Information Technology just made last week's company-level Alibaba ban look small. Its National Vulnerability Database, per CNBC's reporting, issued a formal 'backdoor' advisory naming Anthropic's Claude Code versions 2.1.91 through 2.1.196, alleging the tool contains a built-in monitoring mechanism that transmits users' geographic location and identity-related identifiers to remote servers without consent. Chinese organisations were told to uninstall the affected versions or upgrade, and to tighten traffic monitoring on developer tools.
The advisory did not appear in a vacuum. A June 30 Reddit post reverse-engineering Claude Code surfaced obfuscated logic that had shipped silently since 2.1.91, checking whether a machine's timezone was Asia/Shanghai or Asia/Urumqi and scanning proxy URLs against a hardcoded list of Chinese domains. According to Tom's Hardware, the detection was hidden inside the system prompt via unicode variants of the apostrophe in the phrase 'Today's date is,' invisible to users but readable by Anthropic's backend. Thariq Shihipar, an engineer on the Claude Code team, said on X the mechanism was 'an experiment we launched in March' intended to prevent account abuse from unauthorised resellers and protect against distillation, and the pull request removing it was merged on July 1.
Why the state-level escalation matters more than the Alibaba policy: MIIT's advisory converts an internal HR decision into national cover for any Chinese enterprise to rip the tool out, and, in Alibaba's case, migrate staff to its in-house Qoder platform when the ban takes effect on July 10. It also sets a template. A US AI vendor shipping obfuscated geo-detection now has to assume the discovery route ends at a national CERT-level notice, not a bug tracker.
The honest caveat is that the advisory rests on the same reverse-engineered artefact Anthropic has already patched, and the 'transmitting sensitive information' framing is stronger than the steganographic signal the code actually appears to have carried. What the reporting does not settle is how many Chinese users were on Claude Code to begin with, given it was not officially available there, or whether MIIT plans enforcement beyond the guidance.
The upside for domestic Chinese coding assistants like Qoder is direct, and it now arrives with a state endorsement. For everyone else, the useful read is that silent experiments inside developer tooling now carry a geopolitical price, and the vendors who publish honest release notes are the ones who will get to keep enterprise trust.
Originally reported by CNBC
Read the original article →Original headline: China's MIIT Issues National 'Backdoor' Advisory Against Claude Code — Names Versions 2.1.91–2.1.196 for Transmitting Location and Identity Data to Anthropic Without Authorization