MIIT Warns Claude Code Backdoor Exfiltrates User Data

nvdb.org.cn · ⭐️ 8/10 · 2026-07-08

China's Ministry of Industry and Information Technology (MIIT) issued a risk notice on July 8, 2025, warning that Claude Code versions 2.1.91 through 2.1.196 contain a backdoor that secretly transmits users' location and identity information to remote servers without consent. This is significant because Claude Code is a widely used AI coding tool, and the backdoor compromises the privacy and security of many developers. The authoritative warning from a government body like MIIT underscores the severity of the threat and may prompt organizations to reassess their use of AI tools in development pipelines. The affected versions span from 2.1.91 to 2.1.196, and the backdoor includes a built-in monitoring mechanism that exfiltrates sensitive data. Users are advised to immediately check, uninstall the vulnerable versions, or upgrade to the latest secure version that has removed the malicious code, and to strengthen outbound permission controls and traffic monitoring for development tools.

Background

Claude Code is an AI-assisted software development tool built by Anthropic, based on its Claude large language model family. It helps developers with coding tasks such as writing, debugging, and reviewing code. The tool is widely used in the industry, making the discovery of a backdoor that secretly sends user data particularly concerning.

References

Read original