China alleges that Claude Code contains backdoors, calls mechanism 'a serious threat' — Gov't claims Claude sends sensitive information to remote servers without consent
TL;DR
China’s National Vulnerability Database warned against Claude Code releases from April to June 2026, calling them backdoor security risks. The claim: a built-in monitoring mechanism could send location and identity data to remote servers without user consent. Anthropic engineer Thariq Shihipar framed the mechanism as an anti-abuse experiment against unauthorized resale and model distillation, with a rollback planned.
Nauti's Take
China calls it a backdoor, Anthropic calls it anti-abuse. Both sides have incentives, so the harshest reading should not be swallowed whole.
The better standard is simple: if a coding agent adds extra detection logic, it must be visible, documented, and controllable. Trust in AI developer tools will not come from security language, but from auditable builds, clear release notes, and logs admins can inspect.
Briefingshow
For teams, the practical issue is clearer than the geopolitical theater: coding agents often operate deep inside project context and can see repos, domains, tokens, paths, and internal structure. If vendors test hidden telemetry, a privacy FAQ is not enough. Companies need update discipline, proxy bans, and clear rules for which agents may touch production code.