China recently raised concerns over potential security vulnerabilities associated with the AI coding tool Claude Code, developed by the U.S.-based company Anthropic. The Chinese Ministry of Industry and Information Technology reported that its cybersecurity threat platform identified a "back-door" security risk in versions 2.1.91 to 2.1.196 released between April 2 and June 29, which could potentially transmit sensitive user information, such as location and identity, to a remote server without user consent.
This warning comes amid increasing tensions in the U.S.-China tech rivalry and follows accusations from Anthropic that Chinese tech giant Alibaba attempted to extract its proprietary AI capabilities, which are not officially accessible in China. While Alibaba has not publicly responded to these allegations, the company has directed its employees to cease using Anthropic’s tools as of July 10, as reported by CNBC.
Despite the restrictions, many users in China have reportedly found ways to access U.S.-based AI tools, including Claude Code. An AI developer from Xiaomi noted at a state-sponsored forum that the tool was being utilized widely among local developers.
In response to the allegations of a security backdoor, Anthropic clarified that this was part of an experimental phase intended to enhance security measures. The company also emphasized that its policies prohibit usage by entities predominantly owned by organizations based in China.
Why this story matters: Raises questions about cybersecurity in international technology use and the implications for users.
Key takeaway: Security vulnerabilities in AI tools could lead to unauthorized data transmission, prompting calls for caution among users.
Opposing viewpoint: Anthropic argues that the identified issue was experimental and contends that its tools are securely governed against misuse by specific organizations.