HomeNewsChina warns of Code Claude 'backdoor' security risk

China warns of Code Claude ‘backdoor’ security risk

China Raises Concerns Over Anthropic’s Code Claude

China has recently issued a directive for organizations to remove certain versions of Anthropic’s Code Claude, citing a security “backdoor” that could potentially transmit sensitive user information to remote servers without user consent. This development underscores a growing concern for companies operating in China and the APAC region, where AI coding assistants, though beneficial for faster development, pose risks due to their proximity to sensitive source code and data.

Chinese Flags Affected Versions of Code Claude

According to Reuters, China’s National Vulnerability Database—managed by the Ministry of Industry and Information Technology—identified that versions 2.1.91 to 2.1.196 of Code Claude contained a surveillance mechanism capable of collecting and transmitting sensitive information such as users’ geographical locations and identity-related data to remote servers. Organizations have been advised to either uninstall the affected versions or upgrade to newer, secure iterations.

The warning also emphasizes tightening controls on external network access for developer tools and enhancing traffic monitoring across major commercial networks. This recommendation is particularly pertinent for AI coding assistants that are integrated closely with source code, internal repositories, and developer workflows.

Anthropic’s Rebuttal to China’s Claims

Anthropic, however, has contested China’s characterization of the issue. CNBC reported that Anthropic clarified the so-called “backdoor” was an experimental feature designed to prevent model distillation—a method where results from one AI model are used to train another. The company further stated that Claude was never authorized for use within China, aligning with its policy that prohibits usage by entities predominantly owned by Chinese organizations.

Interestingly, this dispute follows Anthropic’s previous claims against Alibaba, accusing them of attempting to extract their AI capabilities. While Alibaba has not commented, it reportedly instructed its employees to cease using Anthropic tools starting July 10.

These events highlight not just a software telemetry issue but also a broader geopolitical tension between the United States and China over AI technologies, access restrictions, and the use of foreign AI tools in corporate environments.

Implications for Multinational Organizations

For multinational corporations with development teams in China or the broader APAC region, the warning about Code Claude presents a practical governance challenge. AI coding assistants should not be viewed merely as productivity enhancers; they necessitate rigorous evaluation of data collection practices, data destinations, and compliance with regional regulations.

The South China Morning Post highlighted that Anthropic reiterated its stance that users in China were never authorized to use Claude Code. Moreover, security experts predict that Chinese companies will regard AI vendors as strategic supply chain providers rather than mere software suppliers.

Uniform global policies on AI tools might prove inadequate for teams across different markets. Organizations may need to establish region-specific guidelines concerning approved coding assistants, telemetry controls, network access, and vendor risk assessments.

Ultimately, organizations face a trade-off between speed and control. Developers may desire consistent AI tools across all markets, yet companies with APAC engineering teams might require stricter regional guidelines for approved AI assistants.

Also read: Chinese AI models are attracting interest due to their cost-effectiveness, though they raise questions about data security, hosting, and vendor risks. Here

“`

Must Read
Related News

LEAVE A REPLY

Please enter your comment!
Please enter your name here