Anthropic Claude Code under fire over alleged backdoor security risk: What we know

HIGHLIGHTS

China’s database has flagged a possible security risk in some versions of Claude Code.

The agency claims the issue could expose user information through unauthorised data sharing.

Users and organisations have been advised to update or remove affected versions.

Anthropic Claude Code under fire over alleged backdoor security risk: What we know

China’s National Vulnerability Database has recently flagged a potential security risk over Claude Code, which is an AI-based coding tool developed by Anthropic. In the warning advisory issued by the database, they stated that some versions of Claude Code had a backdoor. They further claimed that users’ personal information and location details are being sent to the company servers without users’ consent. The agency had urged the individual users and organisations to stop using the affected versions immediately and update to the latest release. Here’s everything you need to know about the backdoor security threat claimed by China.

Digit.in Survey
✅ Thank you for completing the survey!

The National Vulnerability Database, a cybersecurity platform linked to China’s Ministry of Industry and Information Technology, shared a security advisory on Wednesday. The agency said that its security researchers had found what they described as a serious security ‘backdoor’ in Claude Code. According to the agency, the issue affects versions 2.1.91 through 2.1.196 of the AI coding assistant.

The regulator also claimed that the tool contains a built-in monitoring function that can transmit sensitive information, including a user’s location and identity-related details, to remote servers without the user’s knowledge or consent. It warned that such activity could expose personal and business data.

Also read: Jio Rs 55 entertainment plan offers access to over 1,000 live TV channels: Check validity, benefits and more

The National Vulnerability Database has asked organisations and individual users to review their systems and check if they are using the affected versions. Furthermore, they recommended uninstalling those or upgrading to the latest release in which the alleged issue has been removed.

dario-amodei-ceo-anthropic

The security agency has also advised the companies to tighten controls over external network access for development tools and improve monitoring of network traffic to reduce the risk of unauthorised data transfers.

Claude Code is an AI-powered coding assistant that helps users write software, review code, and fix programming errors using natural language prompts. Although Anthropic does not officially offer its services in China, some users access the platform through virtual private networks and third-party proxy services.

Also read: Samsung Galaxy Z Fold 8 Ultra, Galaxy Z Fold 8 and Galaxy Z Flip 8 to launch on July 22: Check expected specs and price

The warning follows reports that Chinese technology company Alibaba has barred employees from using Claude Code at work, a third-party feature that could help identify users based in China. However, the company has not publicly linked its decision to the latest advisory.

At the time of writing, Anthropic has neither acknowledged nor responded to the security concern claims made by the Chinese agency. Revisit Digit to check for more updates on the matter.

Bhaskar Sharma

Bhaskar Sharma

Bhaskar is a senior copy editor at Digit India, where he simplifies complex tech topics across iOS, Android, macOS, Windows, and emerging consumer tech. His work has appeared in iGeeksBlog, GuidingTech, and other publications, and he previously served as an assistant editor at TechBloat and TechReloaded. A B.Tech graduate and full-time tech writer, he is known for clear, practical guides and explainers. View Full Profile