China’s Network Security Threat and Vulnerability Information Sharing Platform (NVDB) said it detected a potential security backdoor risk in the AI coding tool Claude Code, describing the threat as serious and affecting versions 2.1.91 to 2.1.196.
According to Foresight News, Claude Code is an AI programming tool developed by U.S.-based Anthropic that can write and fix code based on text instructions.
NVDB said the tool includes a built-in monitoring mechanism that can transmit sensitive information to a remote server without user consent, including a user’s location and identity identifiers.
NVDB recommended that relevant organizations and users conduct immediate checks. It advised uninstalling affected versions on development terminals or upgrading to the latest secure version that has removed the related backdoor code.
It also recommended strengthening controls over external network access permissions for development tools within core business network segments and enhancing traffic monitoring to prevent unauthorized transmission of sensitive data.