China's programming tools see an increase as Claude Code is identified.
In short, China's National Vulnerability Database has identified several versions of Anthropic's Claude Code as possessing a security "back door" that may transmit user locations and identifiers to remote servers without permission. Anthropic claims the code was part of an experiment aimed at preventing unauthorized model distillation and that its policy has always prohibited users in China. Analysts believe this controversy will hasten the transition of Chinese developers toward local coding tools like ByteDance's Trae, Alibaba's Qoder, Tencent's CodeBuddy, and Zhipu's CodeGeeX and ZCode.
Beijing's cybersecurity warning regarding Anthropic is expected to accelerate a trend that is already occurring, as Chinese developers move toward domestic coding solutions, according to analysts from the South China Morning Post. This week, China's National Vulnerability Database, managed by the Ministry of Industry and Information Technology, issued an alert claiming that multiple versions of Claude Code have a security "back door." The agency stated that the software could send user locations and identity information to remote servers without consent and advised local organizations to uninstall the affected versions or update to fixed releases.
Both parties agree that the code in question exists, but they differ on its purpose. Anthropic has admitted to incorporating a tracking feature in Claude Code, describing it as a method to combat unauthorized "distillation" of its models. The company asserts that its usage policy has consistently banned China-based users from accessing its services. The situation has deeper implications, as last month, Anthropic accused Alibaba of attempting to extract its AI capabilities, leading Alibaba to subsequently prohibit its staff from using Claude Code, labeling it as high-risk software.
Cai Peng, a cybersecurity partner at Zhong Lun Law Firm in Beijing, anticipates that more Chinese companies will abandon foreign AI tools due to rising security concerns and the country's "strategic imperative" for technological self-sufficiency.
In terms of local platforms, ByteDance's Trae is an AI-driven development environment that utilizes natural-language prompts and autonomous agents, similar to Claude Code. Trae is capable of generating code, debugging software, explaining codebases, and creating applications from scratch. By the end of 2025, ByteDance reported that Trae had over 6 million registered users and 1.6 million monthly active users.
The localization of tools is a key selling point, with the China-focused version supporting domestic models like Doubao and DeepSeek, allowing users to integrate their own model APIs. Alibaba's Qoder, which evolved from its Tongyi Lingma assistant, is marketed as a comprehensive development workspace, managing code generation, project analysis, and autonomous task execution while permitting the use of custom API keys for external models.
Tencent and Zhipu also contribute to this space, with Tencent Cloud's CodeBuddy operating on the company's Hunyuan model alongside DeepSeek's, and supporting over 200 programming languages alongside various development tasks. Zhipu AI presents two tools: CodeGeeX—one of China's pioneering coding assistants trained on Huawei's MindSpore framework—and ZCode, a more ambitious service designed as the primary workspace for Zhipu's GLM-5.2 model. ZCode boasts a context window of up to 1 million tokens and can streamline entire workflows, from requirements gathering to documentation.
Notably, ZCode features a multi-model interface that allows switching between OpenAI and Google models during projects, indicating that the complete separation is not yet a reality.
The controversy over the back door represents a symptom of a broader trend—the division of software ecosystems along national lines. The gap between Chinese alternatives and US frontier labs is narrowing, making the case for using American tools less compelling for Chinese developers. Conversely, Beijing is contemplating restrictions on overseas access to its top models, while the US is limiting what American labs can sell.
Ultimately, Claude Code has never been an ideal choice for cost-sensitive users, as demonstrated by Microsoft’s quiet retreat from it. Price considerations, along with political factors, are driving developers to favor more affordable solutions. Consequently, two increasingly insular ecosystems are emerging, and for Anthropic, a market it never truly catered to is now closing, while local tools are poised for use.
Other articles
China's programming tools see an increase as Claude Code is identified.
Beijing identified Claude Code as a security vulnerability. This situation presents an opportunity for ByteDance's Trae, Alibaba's Qoder, Tencent's CodeBuddy, and Zhipu's ZCode to benefit.
