China issues ‘backdoor’ security alert over Anthropic’s Claude Code


A cybersecurity platform operated by China’s industry ministry warned on Wednesday that ​it had identified a serious security “backdoor” risk ‌in Anthropic’s AI coding tool, Claude Code.

US-based Claude Code is an AI agent capable of generating, debugging and reviewing code based on user prompts.

China’s National Vulnerability Database (NVDB), in a statement posted on its WeChat account, said Claude Code contained a built-in monitoring mechanism capable of transmitting ⁠sensitive information, including users’ geographic location and ​identity-related identifiers, to remote servers without users’ consent.

The ​warning applied to Claude Code versions 2.1.91 through 2.1.196, according to the state-operated cybersecurity platform.

Read: A new, inexpensive Chinese AI model is catching up with Anthropic, OpenAI on their home turf

NVDB advised that organisations and users in the country should immediately review ​affected systems and either uninstall the impacted ​versions or upgrade to the latest secure release in ‌which ⁠the alleged backdoor code has been removed.

It also urged organisations to tighten controls on external network access for development tools and strengthen ​traffic monitoring ​on core ⁠business networks to prevent the unauthorised transfer of sensitive data.

China’s Alibaba had banned employees from using Claude ​Code ⁠at work after the tool drew scrutiny for features enabling it to identify China-linked users, ⁠Reuters reported last week.

Anthropic did not reply to a Reuters request for comment.

Also Read: Alibaba.com sees CPEC 2.0 boosting trade



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *