China's National Vulnerability Database warns Claude Code contains spywareAlibaba recently banned Claude use internally over user tracking fearsAnthropic says it's designed to prevent model distillation and illegal useChina has accused Anthropic's Claude Code of containing what it describes as "security backdoor vulnerabilities" after the country's National Vulnerability Database (CNVDB) found mechanisms capable of transmitting user information to Anthropic servers without explicit user permission.Researchers accuse the software vendor of collecting information like user identity, geographic location, system environment information and other machine metadata.The alleged "backdoor" presents risks of data leakage, IP exposure and other enterprise risks, hence Alibaba's recent decision to ban Claude Code internally.China backs Alibaba's accusations regarding Claude Code, AnthropicAlibaba engineers reverse engineered Claude Code to reveal checks for Chinese system time zones, proxy servers, AI lab infrastructure and network characteristics.Chinese authorities are now advising users to uninstall vulnerable releases to upgrade to newer versions that remove or alter this behavior. CNVDB claims versions 2.1.91 to 2.1.196 are affected,While Anthropic has rejected claims that Claude Code contains malicious spyware or an intentional espionage backdoor, it has admitted that those functionalities do admit, framing the purpose as an anti-abuse experiment. Anthropic has been worried about unauthorized resale and model distillation, which it has already accused Alibaba of doing.VPNs, proxies, cloud workarounds and international subsidiaries have also sprung up to give developers access to the otherwise restricted tools, hence Anthropic's work to block access where it's restricted.