
Beijing has issued a stern warning regarding potential security vulnerabilities, specifically highlighting a “back-door” risk associated with companies utilizing the Claude Code artificial intelligence tool developed by U.S.-based Anthropic. This development underscores the escalating technological competition between the United States and China, a dynamic that continues to shape the global AI landscape.
The pronouncement from China’s Ministry of Industry and Information Technology comes in the wake of recent tensions between the two tech superpowers. Last month, Anthropic publicly accused Chinese tech giant Alibaba of attempting to “extract its AI capabilities,” which are not officially sanctioned or accessible within mainland China. While Alibaba has maintained a silence on these accusations, the incident has amplified concerns about intellectual property and unauthorized data access in the AI domain.
Despite official restrictions, a significant number of individuals and organizations in China have reportedly found workarounds to access and leverage U.S. AI tools. A notable instance occurred in March, when a Xiaomi AI developer, speaking at a state-organized forum, revealed that many were actively using Claude Code. This trend has prompted preemptive measures; as reported earlier this week, Alibaba has mandated its employees to cease the use of Anthropic tools for work-related activities, effective July 10.
The Ministry’s cybersecurity threat platform articulated its findings, stating that “AI coding tool Claude Code contains a security back-door vulnerability that poses a serious threat.” According to the platform’s advisory, translated by this publication, the autonomous coding tool is capable of transmitting sensitive user information to remote servers without explicit consent. This information could potentially include granular details such as a user’s geographic location and personal identity, raising significant privacy and security alarms.
The advisory further recommends that users uninstall or upgrade from specific versions of Claude Code, namely versions 2.1.91 through 2.1.196. These versions, released between April 2 and June 29 according to Anthropic’s changelog, are implicated in the reported vulnerability. The latest version of Claude Code available as of Wednesday is 2.1.204, suggesting a pathway for mitigation through immediate software updates.
This situation highlights a critical juncture in the global AI race, where innovation and access are increasingly intertwined with national security and corporate espionage concerns. The ability of AI tools to autonomously gather and transmit data presents both unprecedented opportunities and significant risks. For enterprises operating in the complex geopolitical landscape of U.S.-China tech relations, the imperative to secure AI supply chains and ensure data integrity has never been more pronounced. The incident serves as a stark reminder that the rapid advancement of AI necessitates a parallel evolution in robust security protocols and international cooperation to mitigate potential threats.
Anthropic has not yet responded to requests for comment.
Original article, Author: Tobias. If you wish to reprint this article, please indicate the source:https://aicnbc.com/23506.html