China's cyber authority has flagged a "security backdoor" in Anthropic's Claude Code, the popular AI coding tool, and Alibaba has banned it for employees. Anthropic describes the same mechanism as an anti-abuse experiment. According to CBS News, CNBC and Tom's Hardware, here are the facts, both sides, and the practical fix. For background, see our AI coding agent guide.
What was flagged
According to the reporting, China's Ministry of Industry and Information Technology (MIIT) said its cybersecurity threat platform found that Claude Code contained a security back-door. The claim: the tool could transmit sensitive information - including a user's location and identity-related identifiers - back to Anthropic's servers without consent.
Alibaba then banned employees from using Claude Code for work, effective 10 July, and pointed staff to an alternative tool.

What Anthropic says
Anthropic's account is different. An engineer on the Claude Code team, Thariq Shihipar, addressed the findings on X, describing the mechanism as an experiment launched in March to prevent account abuse by unauthorised resellers and to protect against model distillation.
In other words, the two sides agree that code existed to detect where a user was - but disagree on its purpose: a covert data-collection backdoor, per the Chinese alert, versus an abuse-prevention check, per Anthropic. We are not in a position to adjudicate intent; both descriptions are on the record.
Which versions, and the fix
The concrete, useful part is the version range. According to the coverage:
- Affected: Claude Code 2.1.91 to 2.1.196 (released 2 April to 29 June 2026).
- Latest listed version: 2.1.204 - outside the flagged range.
The low-effort step for anyone using it: uninstall the affected versions or upgrade to the current release.
The wider lesson
Whatever the intent here, the episode is a reminder that an AI coding tool runs on your machine with real access - your files, your environment, and a network connection back to a vendor. That is worth a moment of AI agent security thinking:
- Know what leaves your machine. Any cloud AI tool sends prompts and context to a server. Check what a tool transmits and when.
- Follow policy for sensitive code. If you work on regulated or confidential code, apply your organisation's rules on which AI tools are allowed.
- Keep tools updated. Running the current version is the simplest way to stay clear of a flagged build.
The honest takeaway
Two caveats. First, this is a live dispute: a government alert and a company's explanation, reported by mainstream outlets, not a settled independent audit. We have stated both sides without picking one. Second, the fix is undramatic and the same either way: update Claude Code and know what your tools send.
The honest read: treat any AI coding assistant as software with access and a network link, keep it current, and match your caution to your threat model. If you are weighing alternatives, our Cursor vs Claude Code comparison and best coding LLMs 2026 overview can help.



