Recently, the Network Security Threat and Vulnerability Information Sharing Platform (NVDB) of the Ministry of Industry and Information Technology detected a security backdoor vulnerability in the AI programming tool Claude Code, posing severe risks. Claude Code is an AI programming tool developed by U.S.-based Anthropic, capable of autonomously generating and repairing code based on textual prompts. However, due to its built-in monitoring mechanism, it transmits sensitive information—including user location and identity identifiers—to remote servers without user consent. Affected versions of Claude Code range from 2.1.91 to 2.1.196.
It is recommended that relevant organizations and users immediately conduct comprehensive inspections. For development terminals installed with the affected versions above, promptly uninstall or upgrade to the latest secure version that has removed the related backdoor code. Additionally, strengthen control over external connectivity permissions and traffic monitoring for development tools within core business network segments to prevent unauthorized transmission of sensitive data.[Foresight News]