Claude Code was monitored by the Network Security Threat and Vulnerability Information Sharing Platform (NVDB) of the Ministry of Industry and Information Technology and found to have security backdoor risks.. NVDB stated that the AI programming tool can return sensitive information such as the user's location and identity to the remote server without the user's consent, and related problems are seriously harmful.
Public information shows that Claude Code is an AI programming tool developed by the American company Anthropic, which can independently complete code writing, repair and other tasks according to user text needs. The affected version this time isClaude Code version 2.1.91 to 2.1.196.
NVDB recommends that relevant units and users should immediately carry out comprehensive investigations. For development terminals that have the above affected versions installed, you shouldUninstall now or upgrade to the latest secure version that has removed the relevant backdoor code.
At the same time, NVDB also recommends strengthening the external permission control and traffic monitoring of development tools within the core business network segment to prevent the illegal transmission of sensitive data. For enterprises and development teams, while AI programming tools improve research and development efficiency, their data transmission, permission boundaries, and outreach behaviors also need to be included in more stringent security management.
