Welcome to the IKCEST
China's industry regulator flags 'backdoor' risk in Claude Code

China's industry regulator has flagged security risks in Claude Code, an artificial intelligence programming tool developed by US startup Anthropic, warning that certain versions could expose sensitive user information through unauthorized data transmission.

The Ministry of Industry and Information Technology's Network Security Threat and Vulnerability Information Sharing Platform said on Wednesday that it had detected a potential "backdoor" risk in Claude Code, describing the threat as serious.

Claude Code, an AI coding assistant that can independently generate, debug, and modify software based on natural-language instructions, has become part of a new wave of AI tools reshaping software development.

The NVDB said affected versions range from 2.1.91 to 2.1.196. It alleged that the tool's built-in monitoring mechanisms could transmit sensitive information — including users' location data and identity-related identifiers — to remote servers without user authorization.

The platform urged companies and developers using affected versions to immediately conduct security checks and remove the vulnerable versions or upgrade to the latest releases that have eliminated the relevant code.

It also advised organizations to tighten controls over external connections from development tools on critical business networks and strengthen traffic monitoring to prevent unauthorized leakage of sensitive data.

 

Original Text (This is the original text for your reference.)

China's industry regulator has flagged security risks in Claude Code, an artificial intelligence programming tool developed by US startup Anthropic, warning that certain versions could expose sensitive user information through unauthorized data transmission.

The Ministry of Industry and Information Technology's Network Security Threat and Vulnerability Information Sharing Platform said on Wednesday that it had detected a potential "backdoor" risk in Claude Code, describing the threat as serious.

Claude Code, an AI coding assistant that can independently generate, debug, and modify software based on natural-language instructions, has become part of a new wave of AI tools reshaping software development.

The NVDB said affected versions range from 2.1.91 to 2.1.196. It alleged that the tool's built-in monitoring mechanisms could transmit sensitive information — including users' location data and identity-related identifiers — to remote servers without user authorization.

The platform urged companies and developers using affected versions to immediately conduct security checks and remove the vulnerable versions or upgrade to the latest releases that have eliminated the relevant code.

It also advised organizations to tighten controls over external connections from development tools on critical business networks and strengthen traffic monitoring to prevent unauthorized leakage of sensitive data.

 

Comments

    Something to say?

    Login or Sign up for free

    Disclaimer: The translated content is provided by third-party translation service providers, and IKCEST shall not assume any responsibility for the accuracy and legality of the content.
    Translate engine
    Article's language
    English
    中文
    Pусск
    Français
    Español
    العربية
    Português
    Kikongo
    Dutch
    kiswahili
    هَوُسَ
    IsiZulu
    Action
    Related

    Report

    Select your report category *



    Reason *



    By pressing send, your feedback will be used to improve IKCEST. Your privacy will be protected.

    Submit
    Cancel