China Raises Concerns Over Security Vulnerabilities in Anthropic AI Coding Tool

Moneywatch13 Views

SouthernWorldwide.com – China’s National Vulnerability Database (NVDB), a cybersecurity platform linked to the Ministry of Industry and Information Technology, has issued a warning regarding a “security backdoor” discovered in versions of Anthropic’s AI coding tool, Claude Code.

The NVDB stated that this alleged backdoor could allow the software to transmit sensitive user information, such as location data and identity identifiers, back to Anthropic’s servers without explicit user consent.

Claude Code is an artificial intelligence tool designed to assist with coding tasks, including generating code, debugging software, and reviewing existing code based on user instructions.

While Anthropic, a San Francisco-based startup, officially restricts access to its products for users and companies in China and other countries it considers adversarial, it is still possible for individuals within China to access these tools via VPNs or third-party proxy services.

The NVDB’s announcement on its website highlighted that the AI coding tool Claude Code was recently found to contain “security backdoor risks, posing a severe threat.”

Consequently, the NVDB advised all relevant institutions and users to perform an immediate and thorough check of their systems. They were also urged to promptly uninstall the affected software or upgrade to the latest secure version from which the problematic backdoor code has been removed.

Furthermore, the database recommended that organizations enhance their network traffic monitoring capabilities to effectively prevent any unauthorized leakage of sensitive data.

In parallel, reports from individuals familiar with the matter indicated that Chinese tech giant Alibaba informed its employees last week about a ban on the use of Claude Code, effective from July 10, citing security concerns.

This development follows previous accusations by Anthropic against Alibaba, where the latter was alleged to have engaged in reverse-engineering Anthropic’s AI models to replicate their functionalities through a process known as “distillation.”

Responding to these allegations on the social media platform X last week, Claude Code engineer Thariq Shihipar addressed reports suggesting the tool was collecting specific data from Chinese users.

Shihipar clarified that the feature in question was an experiment initiated in March. Its primary purpose was to prevent account abuse stemming from unauthorized resellers and to safeguard against distillation practices.

He further stated that the development team had since implemented stronger mitigation measures. Shihipar also noted that the company had been intending to disable this feature for some time and that it was scheduled to be fully rolled back in the subsequent release, expected the following day.

Leave a Reply

Your email address will not be published. Required fields are marked *