YYaaa News

China Calls Anthropic's Anti-Distillation Code a Backdoor

TL;DR

China's MIIT flagged Claude Code 2.1.91-2.1.196 for a backdoor; Anthropic said it was an anti-distillation experiment.

China's Ministry of Industry and Information Technology, through its NVDB threat-sharing platform, issued a risk alert on July 8 warning that Anthropic's Claude Code contains a backdoor that transmits a user's region and identity identifiers to a remote server without consent. The notice named versions 2.1.91 through 2.1.196, covering every release from April 2 to June 29, described the harm as "severe," and told Chinese organisations to immediately audit, uninstall, or upgrade to the cleaned build, and to tighten access control and traffic monitoring on developer tools running inside core business networks.

The technical claim traces to a developer's late-June reverse-engineering of Claude Code 2.1.196. He found that starting with 2.1.91, the tool checked system timezone and proxy configuration to fingerprint China-linked users, a detection path that never appeared in any release note. MIIT's alert cites that analysis directly.

Anthropic Claude Code engineer Thariq Shihipar replied on social media that the code was an "experimental" measure shipped in March to block unauthorised account resellers and to guard against model-distillation attacks by rival labs. He wrote that the mechanism was removed in the version released on July 2.

Anthropic last month publicly accused Alibaba of trying to extract Claude's capabilities, and Claude Code has never been officially available in mainland China. The detection routine Anthropic frames as an anti-distillation guardrail is now the centrepiece of a national AI security sweep run by Beijing.

via CNBC / Global Times / Sina Tech
工信部點名 Claude Code 內建後門|Anthropic 承認代碼原本是用來擋中國蒸餾