🟠 High  |  Source: The Register — Security


China’s national vulnerability database has flagged older versions of Anthropic’s Claude Code AI coding assistant, alleging it contains a monitoring mechanism capable of forwarding Chinese users’ data to remote servers. The advisory has prompted Chinese authorities to urge developers to stop using the affected versions. The claims introduce significant supply chain concerns around AI-assisted development tooling, particularly for organisations operating in or with Chinese entities.

Security Architect’s Take: Audit your development pipelines for any use of Claude Code, particularly older pinned versions, and review data egress controls around AI coding assistants. Regardless of the geopolitical framing, this is a timely prompt to enforce version pinning policies, monitor outbound connections from developer tooling, and ensure AI tools are assessed under your software supply chain risk framework.

Original advisory: China tells devs to ditch Claude Code over ‘backdoor code’ fears