According to JIN10, recently, the National Vulnerability Database (NVDB) of the Ministry of Industry and Information Technology’s Cybersecurity Threats and Vulnerabilities Information Sharing Platform detected a security backdoor vulnerability in the AI programming tool Claude Code, posing a serious threat.
Claude Code is an AI programming tool developed by U.S.-based Anthropic. It can autonomously generate and debug code based on textual prompts. However, due to its built-in monitoring mechanism, it transmits sensitive user information—including geographic location and identity identifiers—to remote servers without user consent. Affected versions of Claude Code range from 2.1.91 to 2.1.196.[PANews]