China's NVDB flags Claude Code backdoor, boosting domestic AI coding tools

Share:
Audio Loading voice…
China's NVDB flags Claude Code backdoor, boosting domestic AI coding tools

Synopsis

China's government cybersecurity body has flagged Anthropic's Claude Code as a backdoor threat, and with Anthropic itself confirming China is barred from its services, a state-backed push toward domestic AI coding tools like ByteDance's CodeBuddy and DeepSeek appears all but inevitable.

Key Takeaways

China's NVDB , under the Ministry of Industry and Information Technology , issued an alert this week claiming Claude Code contains a security back door that can transmit user locations and identities without consent.
Anthropic acknowledged last week that it embedded tracking code in Claude Code to prevent unauthorised model distillation.
Responding on Wednesday , Anthropic stated its usage policy has always barred China -based users from its services.
Cai Peng , cybersecurity partner at Zhong Lun Law Firm in Beijing , said the alert will push more Chinese companies toward domestic AI tools citing security concerns and tech self-reliance imperatives.
Domestic beneficiaries include ByteDance 's CodeBuddy , Alibaba , Tencent 's Hunyuan , Huawei Technologies ' Ascend AI , CodeGeeX , and DeepSeek .

China's National Vulnerability Database (NVDB), overseen by the Ministry of Industry and Information Technology, issued a cybersecurity alert this week accusing multiple versions of Anthropic's Claude Code of containing a security 'back door' — a warning analysts say will accelerate Chinese developers' migration to homegrown AI coding alternatives.

The Backdoor Allegation

According to the NVDB, Claude Code could transmit user locations and identities to remote servers without consent. The agency urged local organisations to uninstall affected versions immediately or upgrade to patched releases. The alert arrived days after Anthropic publicly acknowledged embedding tracking code into Claude Code to prevent the unauthorised copying — or 'distillation' — of its underlying models.

Responding to the NVDB's alert on Wednesday, Anthropic stated that its usage policy had always barred users based in China from accessing its services, effectively distancing itself from any liability in the market.

Why It Matters

Cai Peng, a Beijing-based cybersecurity partner at Zhong Lun Law Firm, said he expected more Chinese companies to abandon foreign AI tools, driven by mounting security concerns and the country's 'strategic imperative' for tech self-reliance. The episode sharpens a divide already deepened by export controls and geopolitical friction between Washington and Beijing.

For developers inside China, the practical effect is a narrowing of credible foreign options, pushing demand toward a cluster of domestic coding assistants that have been quietly gaining ground.

The Competitive Backdrop

Several Chinese technology giants have been building AI-powered coding tools that stand to benefit directly. ByteDance's CodeBuddy, Alibaba's suite of developer AI products, Tencent's Hunyuan-backed offerings, Huawei Technologies' Ascend AI platform, and the open-source CodeGeeX are among the alternatives analysts point to. DeepSeek, which drew global attention earlier this year for its cost-efficient models, also figures prominently in discussions about domestic substitution.

Notably, Google — another foreign player — faces similar access constraints in China, leaving the field increasingly open to domestic incumbents with established compliance frameworks and local data-residency guarantees.

What's Next

The NVDB alert is unlikely to be the last regulatory signal of its kind. As Beijing tightens scrutiny of foreign software in critical infrastructure and developer toolchains, Chinese enterprises face growing institutional pressure to audit and replace non-domestic AI dependencies. Procurement cycles at state-linked organisations are expected to be most immediately affected.

Investors and industry watchers will be tracking whether the alert translates into measurable user-growth for platforms like CodeBuddy and CodeGeeX in coming quarters — and whether Anthropic's explicit China exclusion policy emboldens other Western AI labs to follow suit.

Point of View

However justified as anti-distillation protection, handed Chinese regulators a technically defensible hook to accelerate substitution. The episode mirrors earlier moves against foreign cloud and semiconductor vendors, suggesting a repeating playbook: wait for a Western company to take an action that can be framed as a sovereignty risk, then formalise the exit. For domestic players like ByteDance and Huawei, the regulatory environment is becoming a structural tailwind that no product roadmap alone could manufacture.
NationPress
11 Jul 2026

Frequently Asked Questions

What did China's NVDB say about Claude Code?
China's National Vulnerability Database issued an alert this week claiming multiple versions of Anthropic's Claude Code contained a security back door capable of sending user locations and identities to remote servers without consent. The agency urged Chinese organisations to uninstall affected versions immediately or upgrade to patched releases.
Why did Anthropic embed tracking code in Claude Code?
Anthropic acknowledged last week that it added tracking code to Claude Code specifically to prevent the unauthorised copying — known as 'distillation' — of its AI models. The company said this was a protective measure against intellectual property theft, not a surveillance tool.
Can users in China access Anthropic's Claude Code?
No. Responding to the NVDB alert on Wednesday, Anthropic stated that its usage policy has always prohibited users based in China from accessing its services, meaning the tool was already off-limits to Chinese users before the alert was issued.
Which Chinese AI coding tools could benefit from the Claude Code ban?
Analysts point to ByteDance's CodeBuddy, Alibaba's AI developer tools, Tencent's Hunyuan-backed products, Huawei Technologies' Ascend AI platform, the open-source CodeGeeX, and DeepSeek as the domestic alternatives most likely to see increased adoption following the alert.
What does the NVDB alert mean for foreign AI tools in China more broadly?
According to Cai Peng, a cybersecurity partner at Zhong Lun Law Firm in Beijing, the alert is expected to push more Chinese companies away from foreign AI tools due to security concerns and China's strategic imperative for tech self-reliance. State-linked organisations are likely to face the most immediate pressure to audit and replace non-domestic AI dependencies.
Nation Press
The Trail

Connected Dots

Tracing the thread behind this story — newest first.

8 Dots
  1. Latest Yesterday
  2. 1 week ago
  3. 2 weeks ago
  4. 4 weeks ago
  5. 1 month ago
  6. 1 month ago
  7. 3 months ago
  8. 4 months ago
Google Prefer NP
On Google