12 / 1790

China alleges that Claude Code contains backdoors, calls mechanism 'a serious threat' — Gov't claims Claude sends sensitive information to remote servers without consent

TL;DR

China's National Vulnerability Database is warning about Claude Code versions released between April and June 2026. The claim: a built-in monitoring mechanism could send location and identity data to remote servers without user consent. The agency calls the mechanism a serious threat and tells users to uninstall the tool or update to the latest version. The odd part: Claude Code is not approved for public use in China, and Anthropic already restricts access there.

Nauti's Take

The real damage is not limited to China; it is a trust hit for developer tools. Anthropic has a valid reason to fight unauthorized resellers and model distillation.

Hidden detection through system-prompt tricks is still a bad choice, because this is exactly the audience that inspects what its agent sends to the model. Users do not need panic, but they do need clean version tracking, telemetry review, company policy and region rules.

Briefingshow

This case shows how quickly security and geopolitics merge around coding agents. For teams, the key question is not whether China is using the word backdoor politically, but whether a tool sends hidden signals about environment, proxy use or identity. Agents sit inside code, terminals and repositories, so silent telemetry is far more sensitive than in a normal SaaS login.

Sources