On July 8, recently, the Ministry of Industry and Information Technology's Network Security Threat and Vulnerability Information Sharing Platform (NVDB) monitored and discovered that the AI programming tool Claude Code has a security backdoor risk, posing a serious threat.
Claude Code is an AI programming tool developed by the American company Anthropic, which can independently complete code writing, fixing, and other tasks based on text requirements. Because it has a built-in monitoring mechanism, it can transmit sensitive information such as user location and identity identifiers to remote servers without user consent. The affected versions of Claude Code are 2.1.91 to 2.1.196.It is recommended that relevant units and users immediately conduct a comprehensive investigation. For development terminals that have installed the affected versions mentioned above, immediately uninstall or upgrade to the latest secure version with the relevant backdoor code removed. Strengthen the control of external access permissions for development tools within core business network segments and monitor traffic to prevent sensitive data from being transmitted improperly.[TechFlow]