Article 76VET China tells devs to ditch Claude Code over 'backdoor code' fears

China tells devs to ditch Claude Code over 'backdoor code' fears

by
from www.theregister.com - Articles on (#76VET)
Story ImageChina's National Vulnerability Database (CNVDB) is urging developers to uninstall recent Claude Code versions over the fear that they can scoop up sensitive user data without consent. Referring to it as "backdoor code," the state-run body claimed over WeChat and in an online statement that a "built-in monitoring mechanism" can gather details such as a user's location and identity, and forward them to remote servers. It said the alert only applies to Claude Code versions 2.1.91 (April 2) to 2.1.196 (June 29). "It is recommended that relevant units and users immediately conduct a comprehensive investigation," CNVDB said on Wednesday. "For development terminals with the above-mentioned affected versions installed, immediately uninstall or upgrade to the latest secure version with the relevant backdoor code removed; strengthen the control of external access permissions and traffic monitoring of development tools within core business network segments to prevent the unauthorized transmission of sensitive data." The Register asked Claude maker Anthropic to comment, but it did not immediately respond. Neither did Anthropic answer our questions last week about its covert code designed to prevent competing AI companies from extracting intel about Claude's inner workings. Claude Code engineer Thariq Shihipar stated publicly that Anthropic launched an experiment in March to protect against model distillation - a process by which AI companies try to improve their models by training them on the answers of those that are more advanced. "The team has landed stronger mitigations since then and we've actually been meaning to take this down for a while," he said. The secret steganography system was removed in version 2.1.198, released on July 1. We had asked Anthropic whether it disclosed this mechanism in its terms of service documents, but it referred us to Shihipar's statement, which did not address the question. Anthropic's alleged tracking of Chinese users is not the only matter contributing to souring relations between the AI company and China. It was also embroiled in a public spat with Chinese tech giant Alibaba, which it accused of using Claude's outputs to improve Alibaba models. According to a letter to two US senators seen by Reuters, it was the largest attack on Anthropic's AI that the company had ever seen. More recently, Alibaba banned its staff from using Claude over fears it could be used to identify Chinese users, according to the South China Morning Post. (R)
External Content
Source RSS or Atom Feed
Feed Location http://www.theregister.co.uk/headlines.atom
Feed Title www.theregister.com - Articles
Feed Link https://www.theregister.com/
Reply 0 comments