Recently, there has been internal communication circulating within a state-owned enterprise in Shandong province, China. The notice requires all departments to investigate the usage of overseas programming AI like Claude Code and report the status by July 17th, while shifting to domestic tools. The Chinese Communist Party’s crackdown on foreign artificial intelligence tools is extending from tech companies to state-owned enterprises.
A screenshot of a notice titled “Notice on a Comprehensive Investigation of the Use of Overseas Programming AI like Claude Code” has been circulating in Chinese social media chat groups. The notice stated, “All departments at headquarters and affiliated units: Recently, following notifications from the Shandong Provincial State-owned Assets Supervision and Administration Commission and Shandong High-speed Group, it was revealed that the American company Anthropic’s programming AI, Claude Code, has a covert detection mechanism targeting Chinese users. It will mark users in the Chinese time zone and Chinese users accessing the Claude series large models through proxies, then covertly send back information to the model servers.”
The notice concluded with a directive for all departments to conduct a thorough investigation of the use of Claude Code and other overseas programming AI. If found in use, they were instructed to fill out the attached form and submit it to the research and development center by the end of this week, July 17th, and promptly switch to domestic programming AI.
A reporter from Shandong media, Mr. Liu, mentioned that the notice was initially forwarded by the Cyber Administration of the Shandong Provincial Committee of the Chinese Communist Party and the cyber police to the provincial state-owned assets commission and Shandong High-speed Group before disseminating to state-owned enterprises in Shandong. He stated, “The use of this tool was already prohibited, but some domestic enterprises were using it secretly. Now that the cyber police have discovered it, they are requesting businesses to self-audit for the presence of Claude Code AI assistants, remove them if found, and report the audit results to relevant authorities.”
Claude Code is an artificial intelligence programming tool introduced by Anthropic, capable of reading project files, analyzing code, executing terminal commands, and directly modifying programs. Mainland China is not an official service region for Claude, yet some developers continue to use it through overseas accounts, proxy servers, or third-party interfaces.
A programmer from Beijing, Mr. Chen, mentioned that many programmers in China have been using Claude Code, especially for generating code, modifying programs, and debugging, as it enhances efficiency. However, once such tools are integrated into enterprise projects, they may access code repositories, configuration files, and interface addresses. The sudden audit requirement for state-owned enterprises poses an increase in labor costs when switching to domestic tools, potentially impacting functionality and stability. Some enterprises may choose to continue using Claude Code.
Recently, IT Home reported based on developers’ reverse analysis that certain versions of Claude Code access user-configured interface addresses, computer time zones, and proxy domain names, adding hidden tags related to connections with Chinese artificial intelligence institutions, tech companies, and reselling services. These tags are sent to Anthropic servers alongside user requests.
According to reports citing Anthropic’s response, this feature was introduced as an experiment in March of this year to identify unauthorized account reselling and model distillation behaviors. The company has pledged to remove the related hidden tags.
A network engineer from Zhengzhou, Henan Province, Mr. Wang (alias), mentioned to reporters that just reading this information does not necessarily indicate a backdoor in Claude Code. Many software programs conduct risk control and anti-abuse checks.
He added, “Traditionally, a backdoor typically bypasses normal permissions, remotely controls devices, or steals data; this practice aligns more with covert tracking and user profiling. However, given Claude Code’s ability to read code, configuration files, and execute commands with higher permissions, when combined with identification mechanisms and other data collections, companies may be concerned about exposing internal code, project data, and development environments.”
The Network Security Threat and Vulnerability Information Sharing Platform under the Ministry of Industry and Information Technology of the Chinese Communist Party issued a risk alert on July 8th, stating that certain versions of Claude Code have a “security backdoor risk.” The platform indicated that the tool has an embedded monitoring mechanism that can transmit users’ geographic locations, identity tags, and other sensitive information to remote servers without user consent. The affected versions range from 2.1.91 to 2.1.196, recommending relevant entities and users to immediately uninstall the affected versions or upgrade to the latest version cleared of such code.
Mr. Wang highlighted that the Chinese government’s demand for domestic software to include backdoors while enforcing a comprehensive ban on foreign software no longer pertains solely to national security issues but resembles a form of indoctrination, portraying foreign products as unreliable and foreign software as spyware. He expressed that it intensifies the public’s binary perception of ‘us vs. them.’
