- In a statement posted on its WeChat account, the National Vulnerability Database (NVDB) said Claude Code contains a built-in monitoring mechanism capable of transmitting sensitive information, including users' geographic location and identity-related identifiers, to remote servers without users' consent.
- The warning applies to Claude Code versions 2.1.91 through 2.1.196.
- NVDB advised that organisations and users should immediately review affected systems and either uninstall the impacted versions or upgrade to the latest secure release in which the alleged backdoor code has been removed.
- It also urged organisations to tighten controls on external network access for development tools and strengthen traffic monitoring on core business networks to prevent the unauthorised transfer of sensitive data.
- China's Alibaba has banned employees from using Claude Code at work after the tool drew scrutiny for features that can help identify China-linked users, Reuters reported last week.
- Anthropic did not immediately reply to a Reuters request for comment.
-Reuters








