China's National Vulnerability Database said on July 8, 2026, that Claude Code versions 2.1.91 through 2.1.196 contain a built-in monitoring mechanism that can send location and identity-related identifiers to remote servers without user authorization. The warning matters for AI and software teams because developer tools often run inside privileged network and repository environments, so telemetry or anti-abuse code can become a supply-chain and compliance issue. China Daily and The Register both report that users were urged to investigate, uninstall affected builds, or upgrade to a secure version. The Register says Anthropic did not immediately comment, while a Claude Code engineer previously said an anti-distillation steganography experiment was removed in 2.1.198 on July 1.
China issues 'backdoor' security alert over Anthropic's Claude Code