China warns of 'security backdoor' in Anthropic AI coding tool
The alleged backdoor could allow the software to "transmit sensitive information", including users' locations and identity-related identifiers, back to Anthropic's servers without users' consent.
· CNA · JoinRead a summary of this article on FAST.
Get bite-sized news via a new
cards interface. Give it a try.
Click here to return to FAST Tap here to return to FAST
FAST
BEIJING: A Chinese industry regulator warned users on Wednesday (Jul 8) of a "security backdoor" embedded in versions of Anthropic's Claude Code, but the US artificial intelligence company described the mechanism as an anti-abuse measure.
Claude Code is an AI agent that can generate computer code, debug software and review code based on user prompts.
Anthropic prohibits users and companies in China and other nations it deems adversarial from accessing it, but users can sometimes get around this through VPN or third-party proxy services.
Allegations of a backdoor first emerged in specialist tech media last week, and on Wednesday China's National Vulnerability Database (NVDB) - a cybersecurity platform affiliated with the Ministry of Industry and Information Technology - said it had recently detected "security backdoor risks, posing a severe threat".
CNA Games
Guess Word
Crack the word, one row at a time
Buzzword
Create words using the given letters
Mini Sudoku
Tiny puzzle, mighty brain teaser
Mini Crossword
Small grid, big challenge
Word Search
Spot as many words as you can
Show More
Show Less
Anthropic told AFP Wednesday that the mechanism checked a device's timezone and whether a request was routed through a domain tied to an unsupported region or a known problematic entity.
It said it was a standard way to detect fraud and abuse.
China's NVDB advised relevant institutions and users "to conduct a comprehensive check immediately" and "promptly uninstall or upgrade to the latest secure version from which the relevant backdoor code has been removed".
It also urged organisations to strengthen network traffic monitoring to prevent the unauthorised leakage of sensitive data.
Chinese tech giant Alibaba told employees last week that the use of Claude Code would be banned from Jul 10 due to security concerns, people familiar with the matter said.
Anthropic has previously accused Alibaba of reverse-engineering its AI models to mimic their abilities in a process known as "distillation".
Claude Code engineer Thariq Shihipar responded in an X post last week to reports alleging that the tool was tracking certain data from Chinese users.
"This is an experiment we launched in March that was meant to prevent account abuse from unauthorised resellers and protect against distillation," Shihipar wrote.
"The team has landed stronger mitigations since then and we've actually been meaning to take this down for a while ... this should be fully rolled back in tomorrow's release."
Newsletter
Week in Review
Subscribe to our Chief Editor’s Week in Review
Our chief editor shares analysis and picks of the week's biggest news every Saturday.
Newsletter
Week in Review
Subscribe to our Chief Editor’s Week in Review
Our chief editor shares analysis and picks of the week's biggest news every Saturday.
Sign up for our newsletters
Get our pick of top stories and thought-provoking articles in your inbox
Get the CNA app
Stay updated with notifications for breaking news and our best stories
Get WhatsApp alerts
Join our channel for the top reads for the day on your preferred chat app