BEIJING, July 8 (Reuters) – A cybersecurity platform operated by China’s industry ministry warned on Wednesday that it had identified a serious security “backdoor” risk in Anthropic’s AI coding tool, Claude Code.
• In a statement posted on its WeChat account, the National Vulnerability Database (NVDB) said Claude Code contains a built-in monitoring mechanism capable of transmitting sensitive information, including users’ geographic location and identity-related identifiers, to remote servers without users’ consent.
• The warning applies to Claude Code versions 2.1.91 through 2.1.196.
• NVDB advised that organizations and users should immediately review affected systems and either uninstall the impacted versions or upgrade to the latest secure release in which the alleged backdoor code has been removed.
• It also urged organizations to tighten controls on external network access for development tools and strengthen traffic monitoring on core business networks to prevent the unauthorized transfer of sensitive data.
• China’s Alibaba has banned employees from using Claude Code at work after the tool drew scrutiny for features that can help identify China-linked users, Reuters reported last week.
• Anthropic did not immediately reply to a Reuters request for comment.
(Reporting by Qiaoyi Li and Laurie Chen; Editing by Christian Schmollinger)








Comments