China Advises Developers to Remove Vulnerable Claude Code

China's National Vulnerability Database said on July 8, 2026, that Claude Code versions 2.1.91 through 2.1.196 contain a built-in monitoring mechanism that can send location and identity-related identifiers to remote servers without user authorization. The warning matters for AI and software teams because developer tools often run inside privileged network and repository environments, so telemetry or anti-abuse code can become a supply-chain and compliance issue. China Daily and The Register both report that users were urged to investigate, uninstall affected builds, or upgrade to a secure version. The Register says Anthropic did not immediately comment, while a Claude Code engineer previously said an anti-distillation steganography experiment was removed in 2.1.198 on July 1.
The practical issue for ML and software teams is not only whether CNVDB's allegation is ultimately accepted by Anthropic. It is that AI developer tools now sit close enough to source code, terminals, and network egress that telemetry experiments can become supply-chain security incidents when they are opaque, jurisdiction-sensitive, or poorly documented.
What happened
China Daily reports that China's National Vulnerability Database warned about Claude Code versions 2.1.91 through 2.1.196, alleging that a built-in monitoring mechanism could transmit location data and identity-related identifiers to remote servers without user authorization. The Register separately reports the same affected version range and says users were advised to investigate, uninstall affected builds, or upgrade. The Register also says Anthropic did not immediately respond to its request for comment.
Timeline
The Register and China Daily identify Claude Code 2.1.91 as the first affected release in the advisory range.
The Register says Claude Code 2.1.196 was the last affected release named by CNVDB.
The Register reports that Claude Code 2.1.198 removed the steganography mechanism described by a Claude Code engineer.
CNVDB warned users to investigate, uninstall affected versions, or upgrade to a secure release.
Security context
Developer AI tools are unusually sensitive because they can observe prompts, code, repository structure, local commands, and sometimes credentials or internal service names. Even telemetry designed for abuse prevention or model-protection can create compliance risk if users cannot inspect what is collected, where it is sent, or how it is documented in release notes.
For practitioners
Teams using Claude Code should inventory installed versions, block or upgrade the affected range where policy requires it, and review outbound network controls for developer machines. The broader lesson is to treat AI coding tools like supply-chain software: pin versions, monitor changelogs, inspect egress, and require a documented vendor explanation for any hidden or experimental telemetry mechanism.
What to watch
The next useful signal would be a direct Anthropic statement, a CNVDB or ministry follow-up with technical indicators, or independent reverse-engineering that confirms or narrows the alleged behavior. Watch also whether large Chinese technology buyers keep Claude Code restrictions in place or move to domestic coding-agent alternatives.
Key Points
- 1CNVDB warning turns Claude Code telemetry allegations into a supply-chain security review for teams using AI developer tools.
- 2The affected range, 2.1.91 through 2.1.196, gives practitioners concrete versions to inventory, block, or upgrade.
- 3The case links model-protection experiments, developer privacy, and enterprise geopolitical trust concerns around imported AI coding tools.
Scoring Rationale
A national vulnerability warning about a widely used AI developer tool is materially important for ML teams because it affects telemetry, privacy, and supply-chain controls. The allegation still needs a direct vendor response and independent technical confirmation, so it is notable but not yet industry-shaking.
Sources
Public references used for this report.
Practice interview problems based on real data
1,625 SQL & Python problems across 15 industry datasets — the exact type of data you work with.
Try 250 free problems
