Svmuu News: Recently, the Cybersecurity Threat and Vulnerability Information Sharing Platform (NVDB) of the Ministry of Industry and Information Technology detected that the AI programming tool Claude Code contains a security backdoor that poses a serious threat.
Claude Code is an AI programming tool developed by the U.S.-based company Anthropic that can autonomously write and fix code based on text prompts. Due to its built-in monitoring mechanism, it can transmit sensitive information—such as the user’s geographic location and identity identifiers—to remote servers without the user’s consent. Affected versions of Claude Code range from 2.1.91 to 2.1.196.
It is recommended that relevant organizations and users immediately conduct a comprehensive investigation. For development terminals running the affected versions listed above, they should be uninstalled or upgraded to the latest secure version with the backdoor code removed. Additionally, organizations should strengthen access control and traffic monitoring for development tools connecting to external networks within core business network segments to prevent the unauthorized transmission of sensitive data.