China's National Vulnerability Database (NVDB) has issued a warning regarding Anthropic's coding assistant, Claude Code, identifying built-in mechanisms in versions 2.1.91 to 2.1.196 that may compromise user data security. These mechanisms reportedly send users' regional and identity information to remote servers without obtaining necessary consent.
Importance of the Warning
This alert is critical for developers and organizations in China, particularly those utilizing Claude Code. The NVDB's guidance highlights significant data privacy concerns amid growing scrutiny of software security.
Key Details from the NVDB Alert
- Versions affected: 2.1.91 through 2.1.196.
- Data potentially transmitted includes users' region and identity identifiers.
- Developers are advised to uninstall or upgrade their coding assistants promptly.
- The advisory follows Alibaba's reported restriction on the software's usage among its staff.
The NVDB did not divulge the methods used to uncover the alleged backdoor. As tensions rise between Anthropic and Chinese AI developers, this warning comes after Anthropic expressed concerns about unauthorized access to its models within China. In February, the company claimed that its software was not offered for commercial use in China due to national security risks, accusing some local labs of using deceptive means to access its tools.
Looking Ahead
As the situation evolves, stakeholders in the tech and AI communities should closely monitor developments regarding Claude Code's usage in China, as well as Anthropic's response to the NVDB's claims. The discourse surrounding national security and software vulnerabilities continues to escalate.
This material is for informational purposes only and does not constitute financial advice.



