China Warns of Backdoor in Anthropic's Claude Code

China Warns of Backdoor in Anthropic's Claude Code
Image source: CBS News
Save
0:00 / 0:00

Beijing — Chinas National Vulnerability Database on Wednesday warned that versions of Anthropic's AI coding tool Claude Code contain a "security backdoor" that could transmit sensitive user information to Anthropic's servers.

The NVDB, which is affiliated with China's Ministry of Industry and Information Technology, said the alleged backdoor could enable the software to "transmit sensitive information," including users' locations and identity-related identifiers, back to Anthropic's servers without users' consent.

Claude Code is an AI coding agent that can generate computer code, debug software and review code based on user prompts.

San Francisco startup Anthropic blocks users and companies in China and other nations it deems adversarial from accessing its products, but it is still possible to use them in the country through VPN or third-party proxy services.

The NVDB said on its website that it had recently "detected that the AI coding tool Claude Code contains security backdoor risks, posing a severe threat."

Anthropic hasn't responded to requests for comment on the allegations, which first emerged in specialist tech media last week.

The NVDB advised relevant institutions and users "to conduct a comprehensive check immediately" and "promptly uninstall or upgrade to the latest secure version from which the relevant backdoor code has been removed," and urged organizations to strengthen network traffic monitoring to prevent the unauthorized leakage of sensitive data.

Chinese tech giant Alibaba told employees last week that the use of Claude Code would be banned starting July 10 because of security concerns, people familiar with the matter said.

Anthropic has previously accused Alibaba of reverse-engineering its AI models to mimic their abilities in a process known as "distillation."

Claude Code engineer Thariq Shihipar responded in an X post last week to reports alleging the tool was tracking certain data from Chinese users. "This is an experiment we launched in March that was meant to prevent account abuse from unauthorized resellers and protect against distillation," Shihipar wrote. "The team has landed stronger mitigations since then and we've actually been meaning to take this down for a while. ... This should be fully rolled back in tomorrow's release."

Source