China’s industry ministry has raised a cybersecurity alert concerning a significant “backdoor” vulnerability in Anthropic’s AI coding tool, Claude Code. This US-developed AI agent, which assists in generating, debugging, and reviewing code, reportedly contains a monitoring mechanism that can transmit sensitive user information, such as geographic location and identity details, to remote servers without consent. The warning pertains to Claude Code versions 2.1.91 through 2.1.196. Authorities have advised users and organizations to either uninstall these versions or upgrade to a secure release where the backdoor has been addressed. Additionally, tightening controls on external network access for development tools and enhancing traffic monitoring on key business networks have been recommended to prevent unauthorized data transfers. In response to these concerns, Alibaba has prohibited its employees from using Claude Code at work. Anthropic has yet to comment on the situation.

