Key Points
- Chinese National Vulnerability Database identified unauthorized data collection in Claude Code versions 2.1.91 to 2.1.196
- The vulnerability reportedly enabled transmission of user location and identity information to Anthropic servers without permission
- Chinese authorities recommended immediate uninstallation or system updates for affected organizations
- Alibaba implemented an internal prohibition on Claude Code usage effective July 10 due to security risks
- Anthropic engineer Thariq Shihipar acknowledged the data collection was part of an anti-abuse testing protocol, confirming remediation efforts underway
Chinese cybersecurity authorities have issued a formal alert regarding a potential security vulnerability in Anthropic’s Claude Code, an AI-powered coding assistant, recommending users either remove the software or upgrade to patched versions immediately.
On July 8, the National Vulnerability Database (NVDB), operating under China’s Ministry of Industry and Information Technology, published the security advisory through its official WeChat channel.
According to the NVDB’s assessment, Claude Code versions spanning from 2.1.91 to 2.1.196 contain functionality that captures user geographic positioning data and identifying information, subsequently transmitting this data to external servers without explicit user authorization.
Authorities characterized the vulnerability as representing a “severe threat” to organizational security, advising immediate comprehensive system audits.
Chinese Tech Giant Implements Internal Restrictions
Prior to the public disclosure, Alibaba, one of China’s largest technology corporations, had already taken preemptive action. The company informed its workforce last week that Claude Code would be prohibited for professional applications beginning July 10, instructing employees to transition to Qoder, Alibaba’s proprietary coding tool.
Alibaba referenced identical security vulnerabilities identified by the NVDB in justifying the restriction.
This development further complicates the already tense dynamic between Alibaba and Anthropic. Anthropic has previously raised concerns that Alibaba and additional Chinese technology companies employ “distillation” methodologies — a process involving training compact AI systems using outputs from sophisticated models — to replicate proprietary capabilities.
Engineer Acknowledges Anti-Abuse Experiment
Anthropic has not released an official corporate statement addressing China’s security warning.
Nevertheless, Thariq Shihipar, an engineer working on Claude Code, commented on the matter via X following initial coverage in specialized technology publications.
Shihipar explained that the data collection mechanism was implemented as part of experimental measures initiated in March. The objective centered on deterring account misuse by unauthorized third-party resellers and defending against model distillation practices.
“The team has landed stronger mitigations since then and we’ve actually been meaning to take this down for a while,” Shihipar stated. He confirmed that complete removal of the tracking feature would be incorporated in the upcoming software release.
Anthropic maintains access restrictions preventing users and organizations located in China and other designated regions from utilizing its services. Nevertheless, numerous Chinese developers continue accessing Claude Code through virtual private network services and international proxy infrastructure.
The NVDB additionally advised organizations to implement stricter external network access protocols and enhance traffic surveillance capabilities to detect and prevent unauthorized data exfiltration.
At publication time, Anthropic had not provided responses to media inquiries regarding the specific claims outlined in the NVDB advisory.



