China's National Vulnerability Database (NVDB), operated by the Ministry of Industry and Information Technology (MIIT), has issued a cybersecurity advisory alleging security vulnerabilities in Anthropic's Claude Code, an AI-powered coding assistant, and has urged organisations and users to review and secure affected systems.
According to a statement released by the NVDB, the advisory concerns Claude Code versions 2.1.91 to 2.1.196, which the agency claims contain a built-in monitoring mechanism that could transmit user information—including regional data and identity identifiers—to remote servers without explicit user consent.
Claude Code is an AI programming assistant developed by US-based AI company Anthropic, designed to automate software development tasks such as writing, debugging and modifying code based on natural language prompts.
The NVDB has advised organisations in China to conduct immediate inspections of development environments where the affected versions are installed. It recommends uninstalling the impacted releases or upgrading to the latest version, which it says no longer contains the reported code.
The agency also called for stricter controls over outbound connections from development environments, including enhanced network traffic monitoring and tighter access controls, particularly for systems connected to critical business networks. These measures, it said, are intended to reduce the risk of unauthorised transmission of sensitive information.
The advisory comes amid increasing scrutiny of foreign AI development tools in China. According to a report by Global Times, China's state-owned newspaper, Alibaba Group has recently instructed employees not to use Claude Code for work-related purposes. The report, citing a person familiar with the matter, said the move followed concerns that the AI tool includes capabilities that could identify users linked to China.
The reported restriction reflects broader concerns among Chinese organisations regarding the security, data governance and compliance implications of deploying overseas-developed AI tools in enterprise software development.
The NVDB's latest warning underscores China's continued focus on strengthening cybersecurity oversight as AI-powered coding assistants become more widely adopted. It also highlights the growing global attention on the security, privacy and governance of generative AI tools used in software engineering.
At the time of publication, Anthropic had not publicly responded to the allegations made by the NVDB regarding the reported vulnerabilities or the versions identified in the advisory.


