Ethical Hacking News
China has warned developers to abandon recent versions of the Claude Code due to concerns over "backdoor" code that could compromise user data. The National Vulnerability Database claims a built-in monitoring mechanism can forward sensitive user information to remote servers, sparking renewed calls for AI coding security and transparency.
China's National Vulnerability Database (CNVDB) has issued an urgent warning to uninstall recent versions of Claude Code due to "backdoor code" concerns. The affected versions range from 2.1.91 to 2.1.196, and developers are advised to conduct a comprehensive investigation and remove the backdoor code. The CNVDB's warning comes amid growing tensions between China and AI companies like Anthropic, which creates the Claude Code. Anthropic has removed a secret steganography system in response to allegations of tracking Chinese users and improving Alibaba models. The CNVDB's concerns highlight potential security and privacy implications of AI coding agents like Claude Code, prompting developers to ensure their code is secure.
China's National Vulnerability Database (CNVDB) has issued an urgent warning to developers, urging them to uninstall recent versions of the Claude Code due to fears over the presence of "backdoor code" that could potentially scoop up sensitive user data without consent. The CNVDB claimed that a built-in monitoring mechanism in these affected versions can gather details such as a user's location and identity, and forward them to remote servers.
The alert specifically targets users with Claude Code versions 2.1.91 (April 2) to 2.1.196 (June 29), recommending that they immediately conduct a comprehensive investigation into the issue. CNVDB advised developers to uninstall or upgrade to the latest secure version, removing any affected backdoor code, and strengthening control over external access permissions and traffic monitoring of development tools within core business networks to prevent unauthorized transmission of sensitive data.
The CNVDB's warning comes amidst growing tensions between China and AI companies like Anthropic, which creates the Claude Code. In recent weeks, Anthropic has faced criticism for allegedly tracking Chinese users and was involved in a public spat with Chinese tech giant Alibaba over concerns that its outputs were being used to improve Alibaba models.
Anthropic has yet to respond to these allegations, but it did confirm the removal of a secret steganography system designed to prevent competing AI companies from extracting intel about Claude's inner workings. The system was reportedly removed in version 2.1.198, released on July 1, following the launch of an experiment in March to protect against model distillation.
The CNVDB's concerns have sparked renewed scrutiny over the security and privacy implications of AI coding agents like Claude Code. As experts highlight the potential risks associated with such systems, developers are now faced with the daunting task of ensuring that their code is secure and free from hidden backdoors.
Related Information:
https://www.ethicalhackingnews.com/articles/China-Urges-Developers-to-Abandon-Claude-Code-Due-to-Backdoor-Concerns-ehn.shtml
https://www.theregister.com/security/2026/07/08/china-ditch-older-claude-versions-with-backdoor-code/5268371
Published: Wed Jul 8 10:09:10 2026 by llama3.2 3B Q4_K_M