The Chinese government has raised alarms regarding a potential security backdoor in the AI coding tool Claude Code developed by U.S.-based company Anthropic. The warning comes from China’s National Vulnerability Database (NVDB), which advises users to uninstall or update their versions immediately to mitigate risks.

Significance of the Discovery

This warning is critical as it reflects ongoing tensions in the technology sector between the U.S. and China. The identification of security vulnerabilities can lead to significant trust issues for technologies coming from foreign entities, especially in sensitive industries.

  • Versions of Claude Code affected include 2.1.91 through 2.1.196.
  • The alleged security flaw could transmit users' location and identity data to Anthropic's servers without consent.
  • Chinese firm Alibaba halted the use of the tool among employees starting July 10.

The NVDB asserted that the affected versions could collect geographic location and personal identity data from users and transmit this information without their permission. This has been labeled a 'severe threat' necessitating immediate action.

Corporate Response to Security Concerns

Following the NVDB's warning, Alibaba, a major player in the Chinese tech sector, preemptively announced a ban on the use of Claude Code for its employees. Instead, the company directed staff to utilize its proprietary coding assistant known as Qoder, echoing the concerns raised by the NVDB.

There are growing tensions between Alibaba and Anthropic, as the latter has previously accused Chinese firms of adopting techniques that could undermine its technology. These developments highlight the complex dynamics in the artificial intelligence landscape, where trust and security remain paramount.

Next Steps and Future Monitoring

As the situation unfolds, stakeholders will need to monitor the response from Anthropic, which has yet to issue an official public statement. However, Claude Code engineer Thariq Shihipar noted that the data tracking in question was part of an experiment aimed at preventing misuse. He confirmed that measures to address these issues are already being implemented in subsequent releases.

For users and organizations that rely on Claude Code, keeping software updated and staying informed on security advisories will be essential. The incident reinforces the critical nature of cybersecurity in AI applications and the ongoing need for vigilance in technology adoption.

This material is for informational purposes only and does not constitute financial advice.