China’s Ministry of Industry and Information Technology issued a formal cybersecurity advisory on July 8 warning that Anthropic’s Claude Code contains “back-door” vulnerabilities that pose “a serious threat,” according to CNBC. The alert marks the first time a Chinese government body has officially flagged an American AI coding agent as a security risk.
The MIIT’s cybersecurity threat platform identified affected versions as 2.1.91 through 2.1.196, which cover releases from April 2 to June 29, 2026, according to Anthropic’s changelog. The advisory states that vulnerable versions can send sensitive information, including user location and identity, to a remote server without consent. The platform recommended users uninstall or upgrade from affected versions. Anthropic’s latest version as of Wednesday is 2.1.204, per its website.
Anthropic did not immediately respond to CNBC’s request for comment.
Escalation in a Three-Week Conflict
The advisory is the latest move in a rapidly escalating conflict between Anthropic and Chinese entities over Claude Code.
NCT previously reported that Alibaba discovered and disabled Claude Code internally after identifying what it described as a hidden China-detection mechanism, ordering employees to switch to its own Qoder tool. CNBC confirmed on July 6 that Alibaba has ordered employees to stop using Anthropic tools starting July 10.
The Washington Post published an investigation on July 6 detailing large-scale distillation attacks by Chinese AI companies against Claude Code. Anthropic deployed detection software in March 2026 to identify and block China-based usage after discovering the campaigns.
The MIIT advisory reverses the narrative. Where Anthropic framed the conflict as defending its intellectual property from Chinese extraction, China’s cybersecurity platform is now framing Claude Code itself as a security liability for domestic users.
Version Scope and Practical Impact
The affected version range, 2.1.91 through 2.1.196, spans nearly three months of Claude Code releases. The advisory’s specific claim, that these versions can transmit user location and identity data without consent, would represent a significant privacy violation if confirmed independently.
Claude Code is not officially available in China, but CNBC reported that a Xiaomi AI developer noted at a state-organized forum in March that many Chinese developers were using it. The advisory’s practical effect is to give Chinese organizations formal government backing for banning the tool, beyond Alibaba’s internal decision.
Agents as Contested Infrastructure
The sequence over the past three weeks follows a pattern: Anthropic blocks Chinese access (March), Chinese firms attempt distillation (reported July 6), Alibaba bans Claude Code internally (July 5-6), and now the Chinese government issues a formal security advisory (July 8).
For enterprises deploying AI coding agents in any jurisdiction, the takeaway is that autonomous agents with access to code, files, and system configurations are becoming contested infrastructure in the U.S.-China technology competition. Version management and network monitoring for agentic tools is no longer optional.