Anthropic, a Silicon Valley-based artificial intelligence company, is at the center of a dispute with Chinese authorities following accusations that its Claude Code model contains a backdoor security vulnerability. The claim was highlighted in China’s National Vulnerability Database, managed by analysts from the Ministry of Industry and Information Technology, which described the issue as a “serious threat” and advised users to remove the affected software.

The vulnerability reportedly allowed the transmission of user data, including time zones and location indicators, back to Anthropic’s servers. Alibaba, a major Chinese e-commerce company, had previously flagged the concern and subsequently prohibited its employees from using Claude Code. The AI model is widely employed for generating and refining computer code and has been favored by various technology firms, although Chinese officials have considered alternatives such as Palantir for similar contracts.

Anthropic responded to the allegations by stating that the identified bug was intentional and part of a security measure designed to detect unauthorized use. The company indicated that Claude Code had not been licensed for distribution or operation within China. Thariq Shihipar, an engineer at Anthropic, elaborated on the purpose of this feature, explaining it was an experiment initiated in March aimed at preventing account misuse linked to unauthorized resellers and guarding against “distillation”—a contentious practice wherein AI models are reverse-engineered or copied to train competing products.

The matter of distillation lies at the heart of ongoing tensions between the United States and China concerning AI technology. U.S. companies have accused Chinese rivals of extracting advanced AI capabilities from American products to develop more affordable domestic competitors. In February, Anthropic publicly accused three Chinese AI firms—DeepSeek, Moonshot, and MiniMax—of engaging in distillation of its models.

To mitigate unauthorized access, Anthropic blocks attempts to reach its AI models from Chinese IP addresses. However, some companies and individuals reportedly circumvent these restrictions using virtual private networks (VPNs) to bypass China’s extensive internet censorship, known as the Great Firewall, which restricts access to many Western websites and services.

The dispute underscores the complex challenges faced by AI developers navigating international markets amid concerns over intellectual property protection, data privacy, and geopolitical tensions. Anthropic has recommended that Chinese users replace the compromised version of Claude Code with an updated iteration that reportedly eliminates the backdoor vulnerability.