Credited from: INDIATIMES
The National Vulnerability Database (NVDB) of China has issued a warning regarding Anthropic's AI coding tool, Claude Code, stating that certain versions contain a "security backdoor" that could transmit sensitive user information, including location and identity data, back to Anthropic's servers without user consent. This alert follows rising tensions between Anthropic and Alibaba, particularly after allegations surfaced that Alibaba engaged in "industrial-scale" extraction of AI capabilities from Anthropic, leading to the suspicion around Claude Code's functionality, according to Indiatimes, CBS News, and Channel News Asia.
The NVDB, linked to China's Ministry of Industry and Information Technology, categorizes the backdoor risk as a "severe threat" and has called upon users and organizations to perform immediate comprehensive checks of their systems. Users are urged to uninstall any vulnerable versions or upgrade to a secure update, thus addressing potential data leakage, as noted by Indiatimes and CBS News.
In response to the ongoing controversy, Chinese tech giant Alibaba has instructed its employees to cease using Claude Code effective July 10 due to security risks associated with the tool. This measure underscores the escalating tensions between the companies, particularly in light of allegations that Anthropic's services are being misused for reverse-engineering, also known as "distillation," as indicated by sources from Indiatimes, CBS News, and Channel News Asia.
Anthropic has publicly addressed some of the allegations surrounding Claude Code, asserting that the suspected backdoor was part of an experimental feature designed to prevent unauthorized reselling and protect against data theft. Thariq Shihipar, an engineer at Anthropic, mentioned that the new security measures will remove the controversial functionality, indicating a commitment to user security amid the rising scrutiny, as detailed in reports from Indiatimes, CBS News, and Channel News Asia.