Claude Code backdoor risks prompted a Chinese cybersecurity platform to warn users that some versions of Anthropic’s AI coding tool could transmit sensitive data without consent.
China’s National Vulnerability Database said Wednesday that Claude Code could send users’ locations and identity-related identifiers to Anthropic’s servers.
The NVDB, affiliated with China’s Ministry of Industry and Information Technology, said it had detected “security backdoor risks” in the AI coding tool.
Claude Code is an artificial intelligence coding agent that can generate code, debug software and review code in response to user prompts.
Anthropic blocks users and companies in China from accessing its products. Users can still access the tools via VPNs or third-party proxy services.
The NVDB advised institutions and users to check their systems immediately. It also urged them to uninstall the affected tool or upgrade to a secure version.
The platform asked organisations to strengthen network traffic monitoring to prevent unauthorised leakage of sensitive data. Anthropic had not responded to AFP requests for comment on the allegations.
Read: Anthropic AI Models Access Restored After US Export U-Turn
Alibaba told employees last week that the use of Claude Code would be banned from July 10 due to security concerns, people familiar with the matter said.