工信部发布关于防范AI编程工具Claude Code安全后门隐患的风险提示
Odaily Planet Daily News Recently, the Ministry of Industry and Information Technology's National Vulnerability Database (NVDB) for Cybersecurity Threats and Vulnerabilities detected serious security backdoor risks in the AI programming tool Claude Code.
Claude Code is an AI programming tool developed by the US-based company Anthropic, capable of autonomously completing tasks such as code writing and fixing based on text prompts. Due to its built-in monitoring mechanism, it transmits sensitive information, including user location and identity identifiers, to remote servers without user consent. The affected versions of Claude Code range from 2.1.91 to 2.1.196.
It is recommended that relevant units and users immediately conduct a comprehensive inspection. For development terminals installed with the aforementioned affected versions, they should uninstall or upgrade to the latest secure version that has removed the relevant backdoor code. Additionally, strengthen external access control and traffic monitoring for development tools within core business network segments to prevent unauthorized transmission of sensitive data.
