The Ministry of Industry and Information Technology issued a risk alert on preventing the security backdoor risks of the AI programming tool Claude Code.

robot
Abstract generation in progress

Deep Tide TechFlow News, July 8 - Recently, the Ministry of Industry and Information Technology's Network Security Threat and Vulnerability Information Sharing Platform (NVDB) detected that the AI programming tool Claude Code has a security backdoor hazard with serious consequences.

Claude Code is an AI programming tool developed by the American company Anthropic. It can autonomously write and fix code based on text requirements. Due to its built-in monitoring mechanism, it sends sensitive information such as user location and identity identifiers to a remote server without user consent. The affected versions of Claude Code are 2.1.91 to 2.1.196.

It is recommended that relevant units and users immediately conduct a comprehensive inspection. For development terminals with the affected versions installed, immediately uninstall or upgrade to the latest security version that has removed the relevant backdoor code; strengthen the management of external access permissions and traffic monitoring for development tools within core business network segments to prevent unauthorized transmission of sensitive data.

View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • Comment
  • Repost
  • Share
Comment
Add a comment
Add a comment
No comments
  • Pinned