China’s official vulnerability database flagged recent Claude Code builds for transmitting sensitive user data without explicit consent. The alert centers on a mischaracterized anti-distillation safeguard that Anthropic quietly removed in a July patch.
China’s Vulnerability Database Flashes a High-Severity Warning on Claude Code
Anthropic’s Claude Code AI programming tool just found itself at the center of a cybersecurity spat. On July 8, 2026, China’s National Vulnerability Database issued a high-severity advisory flagging specific versions for allegedly containing a security backdoor that harvests and transmits user data.
The advisory specifically calls out versions 2.1.91 through 2.1.196. That’s a narrow window. According to the Chinese state database, these builds quietly captured geolocation pings and identity identifiers, then shipped that data to remote servers. No explicit user consent. Just silent collection. The government’s cybersecurity platform, operated under the Ministry of Industry and Information Technology, immediately told developers to audit their setups, strip out the affected code, and watch their network traffic like hawks.
Keep in mind that what reads as malicious spyware might actually be something else entirely. Claude Code engineer Thariq Shihipar noted that the functionality was part of a model distillation protection mechanism. Anthropic built it to stop rival AI firms from scraping Claude’s code outputs for training data. The mechanism got revised in early June following researcher pushback, then completely dropped in version 2.1.198 released July 1. You are looking at a case where a corporate security control got classified as a backdoor by regulators unfamiliar with the underlying architecture.
The Geopolitical Fallout
This isn't happening in a vacuum. Anthropic has been publicly clashing with Alibaba over illicit model training, even sending a letter to U.S. senators that called it the biggest attack on their AI systems to date. The tech giants have been trading accusations left and right. Alibaba reportedly banned its own staff from using Claude Code, pointing to the exact security concerns highlighted in this advisory. The warning also tracks with a broader pattern of Beijing tightening the screws on foreign software. AI coding tools are no longer just productivity widgets. They’re now considered critical infrastructure, and governments on both sides of the Pacific are treating them accordingly.
The AI dev tool market moves fast. What looks like a threat in June often becomes a footnote by August. We’ve seen similar panic over telemetry settings in other coding assistants, only for the vendor to release a quick patch and the headlines to fade. It’s a messy situation to navigate. The advisory carries real weight since it comes straight from China’s official threat-sharing platform and got amplified by state media. At the same time, the fact that Anthropic patched the behavior out within weeks suggests the core mechanism wasn’t inherently malicious, just poorly communicated. Developers should probably verify their installed version against the affected range before assuming the worst, but upgrading to 2.1.198 or later is the obvious fix. If your org runs Claude Code on a secure network, monitor the outbound connections and check the privacy docs.
