2026-07-08 07:10:14 美国东部夏令时 / 哥伦比亚广播公司新闻
北京——中国一名行业监管机构周三警告用户,美国人工智能巨头Anthropic旗下的编码工具Claude Code的多个版本嵌入了“安全后门”。
中国国家 vulnerability数据库(NVDB)——一个网络安全平台——表示,所谓的后门可能会让该软件在未经用户同意的情况下,将用户位置、身份标识符等敏感信息传回Anthropic的服务器。
Claude Code是一款人工智能编码代理工具,可根据用户提示生成计算机代码、调试软件并审查代码。
旧金山初创公司Anthropic禁止中国和其他其认定为敌对国家的用户及企业使用其产品,但用户仍可通过VPN或第三方代理服务在华使用这些产品。
隶属于中国工业和信息化部的NVDB在其官网表示,其近期“检测到人工智能编码工具Claude Code存在安全后门风险,构成严重威胁”。
Anthropic尚未回应法新社置评请求,相关指控于上周首次出现在专业科技媒体上。
NVDB建议相关机构和用户“立即开展全面检查”,并“及时卸载或升级至已移除相关后门代码的最新安全版本”。
该机构还敦促各机构加强网络流量监控,防止敏感数据被未经授权泄露。
据知情人士透露,中国科技巨头阿里巴巴上周告知员工,出于安全考虑,自7月10日起禁止使用Claude Code。
Anthropic此前曾指控阿里巴巴对其人工智能模型进行逆向工程,通过所谓的“蒸馏”过程模仿其功能。
Claude Code工程师塔里基·希希帕尔(Thariq Shihipar)上周在X平台的一篇帖子中,回应了有关该工具正在追踪中国用户特定数据的报道。
“这是我们3月份推出的一项实验,旨在防止未经授权的转售商滥用账户,并防范蒸馏攻击,”希希帕尔写道。
“自那以来,团队已经推出了更有力的缓解措施,我们实际上早就打算取消这项功能了……该功能将在明日的版本更新中完全回滚。”
China warns of “security backdoor” in Anthropic AI coding tool
2026-07-08 07:10:14 EDT / CBS News
Beijing — A Chinese industry regulator warned users on Wednesday of a “security backdoor” embedded in versions of U.S. artificial intelligence giant Anthropic’s coding tool, Claude Code.
The alleged backdoor could enable the software to “transmit sensitive information,” including users’ locations and identity-related identifiers, back to Anthropic’s servers without users’ consent, said China’s National Vulnerability Database (NVDB), a cybersecurity platform.
Claude Code is an AI coding agent that can generate computer code, debug software and review code based on user prompts.
San Francisco startup Anthropic blocks users and companies in China and other nations it deems adversarial from accessing its products, but it is still possible to use them in the country through VPN or third-party proxy services.
The NVDB, which is affiliated with China’s Ministry of Industry and Information Technology, said on its website that it had recently “detected that the AI coding tool Claude Code contains security backdoor risks, posing a severe threat”.
Anthropic hasn’t responded to AFP requests for comment on the allegations, which first emerged in specialist tech media last week.
The NVDB advised relevant institutions and users “to conduct a comprehensive check immediately” and “promptly uninstall or upgrade to the latest secure version from which the relevant backdoor code has been removed.”
It also urged organizations to strengthen network traffic monitoring to prevent the unauthorized leakage of sensitive data.
Chinese tech giant Alibaba told employees last week that the use of Claude Code would be banned starting July 10 due to security concerns, people familiar with the matter said.
Anthropic has previously accused Alibaba of reverse-engineering its AI models to mimic their abilities in a process known as “distillation.”
Claude Code engineer Thariq Shihipar responded in an X post last week to reports alleging the tool was tracking certain data from Chinese users.
“This is an experiment we launched in March that was meant to prevent account abuse from unauthorized resellers and protect against distillation,” Shihipar wrote.
“The team has landed stronger mitigations since then and we’ve actually been meaning to take this down for a while. … This should be fully rolled back in tomorrow’s release.”
发表回复