According to the "Network Security Threat and Vulnerability Information Sharing Platform (NVDB)" of the Ministry of Industry and Information Technology's notice on July 8, it was recently monitored that Claude Code, an AI programming tool developed by the US company Anthropic, has serious security backdoor risks.
The notice pointed out that the affected versions of Claude Code are 2.1.91 to 2.1.196. The tool has a built-in monitoring mechanism that can transmit sensitive user data such as user location and identity to remote servers without user consent.Official recommendations suggest that relevant units and users should immediately conduct a comprehensive investigation, uninstall terminals with the affected versions mentioned above, or upgrade to the latest secure version with the relevant backdoor code removed. At the same time, control over external access permissions for development tools within core business network segments and traffic monitoring should be strengthened to strictly prevent the unauthorized transmission of sensitive data.[ChainCatcher]