China's Ministry of Industry and Information Technology said its Network
Security Threat and Vulnerability Database (NVDB) detected a backdoor
vulnerability in AI coding tool Claude Code and characterized the risk as
serious. Claude Code, developed by US firm ANTHROPIC, can autonomously generate
and repair code from text prompts. NVDB said the tool contains a built-in
monitoring mechanism that can transmit sensitive data — including user location
and identity markers — to remote servers without user consent. Affected
versions: 2.1.91–2.1.196.