Claude Code Security Backdoor Called Out, Bun's Million-Line Rewrite Sparks Controversy
In July 2026, Anthropic's AI coding tool Claude Code faced a security and trust crisis. On July 8, China's National Vulnerability Database (NVDB) issued a risk alert stating that Claude Code versions 2.1.91 to 2.1.196 had a built-in monitoring mechanism that sent sensitive information such as location and identity identifiers to remote servers without user consent, posing serious risks. Previously, Alibaba had announced a complete suspension of Claude products starting July 10. Anthropic team member Thariq Shihipar admitted the mechanism was an "experimental" anti-abuse measure launched in March 2026, targeting unauthorized account resale and model distillation attacks, and was removed in a new version on July 2.
Security Backdoor and Ban Controversy
- Backdoor Details: Reddit developers reverse-engineered and found that Claude Code had embedded spyware starting from version 2.1.91 and attempted to hide its behavior. NVDB classified it as "severely harmful" and recommended comprehensive checks.
- Account Bans: Data from Anthropic's Transparency Center shows that in the second half of 2025, 1.45 million accounts were banned, with only 1,700 successful appeals out of 52,000 (a 3.3% success rate). Businessman Piero Coen was banned for using the official Google Calendar integration, with only "suspicious signals" as the reason. Developer Peter Steinberger was also banned for "suspicious signals" without specific violation details.
- Industry Reaction: Meta has restricted engineers from using Claude Code and OpenAI Codex, fearing "involuntary model distillation" leading to code contamination, and even halted some projects.
Bun Rewrite: AI Experiment with a Million Lines of Code
- Event: Bun founder Jarred Sumner announced in May 2026 that using Anthropic's Claude Fable 5 and Claude Code, he rewrote Bun's million lines of code from Zig to Rust in 11 days, consuming approximately $165,000 in API costs. Bun is a high-performance JavaScript runtime acquired by Anthropic in December 2025.
- Reason: The Zig version had numerous memory safety bugs (e.g., use-after-free), and the Zig community had zero tolerance for LLM-generated code. The Bun team relied on AI development, and continuing with Zig would require maintaining a compiler fork.
- Controversy: Zig founder Andrew Kelley publicly criticized Jarred Sumner's engineering habits, calling the original codebase "hacker-style patches on patches." The AI-rewritten code was not manually reviewed, and the new codebase retained 27,000 lines of unsafe code blocks. Some developers worry about future maintenance costs, while others see it as a milestone experiment, reducing development costs to one-tenth and time from one year to two weeks.
Impact and Reflection
- Security Trust Crisis: The Claude Code backdoor incident exposed hidden dangers in AI tools regarding security and privacy, sparking industry doubts about "monitoring in the name of security." Anthropic's ban mechanism had a high false positive rate, further damaging user trust.
- AI Programming Paradigm: The Bun rewrite case demonstrates the potential and risks of AI in large-scale codebase refactoring. Technical debt, code maintainability, and community culture conflicts have become focal points, with long-term effects yet to be observed.
Also available in 中文.