Jul 8, 2026 · 10:29 PM
Subscribe
Home Ai

Anthropic Says China Was Never Authorized to Use Claude Code Anyway

China's Ministry of Industry and Information Technology warned that Anthropic's Claude Code contains a hidden monitoring mechanism sending user data to remote servers. Anthropic confirmed the code exists but said the affected users in China were never authorized to use Claude Code in the first place.

Walter Schulze
· 4 min read · 68 views
Anthropic Says China Was Never Authorized to Use Claude Code Anyway

Beijing told Chinese developers to delete Claude Code over a hidden tracking mechanism, and Anthropic responded by admitting the code exists while arguing those users weren't supposed to have the tool at all.

China's National Vulnerability Database, the cybersecurity platform run by the Ministry of Industry and Information Technology, told the country's developers on Wednesday to rip Claude Code off their machines. Anthropic's answer was blunt: those developers were never supposed to have it installed in the first place.

The NVDB posted its warning on WeChat, calling Claude Code's built-in monitoring mechanism a serious threat. According to the notice, the tool could send sensitive user information, including a person's region and identity identifiers, to a remote server without asking. The affected versions run from 2.1.91 to 2.1.196, a stretch that covers roughly April through late June, and the recommendation was simple: uninstall now or upgrade to a version that has stripped the code out.

Anthropic didn't dispute the mechanism. It confirmed it.

The company said the code was part of an internal experiment it introduced in March, built to catch resellers funneling access to users it had never approved and to stop what it calls illicit distillation, the practice of using a rival model to copy Claude's outputs and train a cheaper competitor on them. Anthropic restricts Claude Code sales in China under U.S. export rules, so the accounts the tracking code flagged, in Anthropic's telling, belonged to users who shouldn't have had the product running at all.

That's a real distinction, and it's worth sitting with for a second. Beijing's warning reads as a straightforward consumer protection notice: an American tool is quietly phoning home with your data, get rid of it. Anthropic's response reframes the same facts as an enforcement story. It built tracking into a restricted product specifically because the product kept ending up in the hands of people its own export controls say shouldn't have it. Both things can be true. The code sent data without consent, and the users it targeted were outside the terms Anthropic ever agreed to serve.

Alibaba has told employees to stop using Claude Code and pointed them to Qoder, its own coding assistant, according to reporting from The Register. Chinese firms have spent the past two years building homegrown alternatives to frontier US models precisely so a moment like this doesn't leave their engineers stranded, and Alibaba just used the excuse to enforce that switch internally rather than wait for a clearer verdict from regulators.

None of this happens in a vacuum. The dispute lands in the middle of an AI rivalry where both governments already treat model access as a national security lever, not just a commercial one. Washington restricts which AI tools Chinese firms can buy. Beijing runs a vulnerability database that can, with one WeChat post, turn a piece of code into a geopolitical incident, as the South China Morning Post noted in describing this as the latest escalation between the two countries over AI. Claude Code just became the test case for both sides at once.

What nobody disputes is the mechanics. Anthropic put code into a product used well beyond its intended market, that code sent identifying data back to Anthropic's own servers, and it did so without telling the people running it. Whether you call that a backdoor or an anti piracy measure depends entirely on which side of the export line you're standing on. Frankly, for the unauthorized users caught in the middle, the distinction won't matter much. Their data went out either way, and they found out about it from a Chinese government notice, not from Anthropic.

The flagged versions are already being phased out, and Anthropic says newer releases don't carry the code in question. The more interesting question is what Beijing does next: whether this becomes a one-off warning, or the opening argument for pushing Chinese developers toward domestic tools like Qoder for good.

Also read: Bank of America Reverses Course and Hands OpenAI Its First LoanxAI Launches Grok 4.5 With Pricing Built to Undercut Anthropic's Opus 4.8Prime Intellect Raises $130 Million for Enterprise AI Agents

TOPICS
Walter Schulze brings all the breaking news stories in the tech and startup world and to ensure that Startup Fortune offers a timely reporting on the trends happen in the industry. He now works on a part time basis for Startup Fortune specializing in covering tech and startup news and he also sheds light on investment opportunities and trends.
Related Articles
More posts →
Loading next article…
You're all caught up