TechFlow news, July 08. Recently, the Ministry of Industry and Information Technology Network Security Threat and Vulnerability Information Sharing Platform (NVDB) monitored and discovered that the AI programming tool Claude Code poses security backdoor risks, causing serious harm.
Claude Code is an AI programming tool developed by the US company Anthropic, capable of autonomously completing code writing, fixing, and other tasks based on text requirements. Due to its built-in monitoring mechanism, it can transmit sensitive information such as user location and identity identifiers to remote servers without user consent. The affected Claude Code versions are 2.1.91 to 2.1.196.
It is recommended that relevant organizations and users immediately conduct comprehensive checks. For development terminals installed with the above-affected versions, immediately uninstall or upgrade to the latest secure version where relevant backdoor code has been cleared; strengthen control over external connection permissions and traffic monitoring of development tools within core business network segments to prevent unauthorized external transmission of sensitive data. (Jin10)




