Skip to main content

Exclusive news, data and analytics for financial market professionalsLearn more aboutRefinitiv

Anthropic says Alibaba illicitly extracted Claude AI model capabilities

Anthropic logo is seen in this illustration taken May 20, 2024. REUTERS/Dado Ruvic/Illustration/File Photo Purchase Licensing Rights, opens new tab

Follow

BEIJING, July 8 (Reuters) - A cybersecurity platform operated by China's industry ministry warned on Wednesday that ​it had identified a serious security "backdoor" risk ‌in Anthropic's AI coding tool, Claude Code.

Jumpstart your morning with the latest legal news delivered straight to your inbox from The Daily Docket newsletter. Sign up here.

  • In a statement posted on its WeChat account, the National ​Vulnerability Database (NVDB) said Claude Code contains ​a built-in monitoring mechanism capable of transmitting ⁠sensitive information, including users' geographic location and ​identity-related identifiers, to remote servers without users' consent.

  • The ​warning applies to Claude Code versions 2.1.91 through 2.1.196.

  • NVDB advised that organizations and users should immediately review ​affected systems and either uninstall the impacted ​versions or upgrade to the latest secure release in ‌which ⁠the alleged backdoor code has been removed.

  • It also urged organizations to tighten controls on external network access for development tools and strengthen ​traffic monitoring ​on core ⁠business networks to prevent the unauthorized transfer of sensitive data.

  • China's Alibaba (9988.HK), opens new tab ​has banned employees from using Claude ​Code ⁠at work after the tool drew scrutiny for features that can help identify China-linked users, ⁠Reuters reported ​last week.

  • Anthropic did not ​immediately reply to a Reuters request for comment.

Reporting by Qiaoyi ​Li and Laurie Chen; Editing by Christian Schmollinger

Our Standards: The Thomson Reuters Trust Principles., opens new tab

  • X

  • Facebook

  • Linkedin

  • Email

  • Link

Purchase Licensing Rights

Read Next / Editor's Picks

  • 2 hours ago

Telstra outage in Australia disrupts trains and payments; no evidence of 'malicious' activity

Judge approves $46.75 million payout for 23andMe data breach victims

Britain's M&S flags higher shareholder returns

ECB tells banks to bolster AI cyber defences as peers take lighter approach

Greek wiretapping victims sue spyware firm Intellexa for damages

EXCLUSIVE

Beijing is looking at curbing overseas access to China's top AI models, sources say

Prince Harry in London on judgment day in his legal battle against the Daily Mail

EXCLUSIVE

US cyber agency is using Anthropic's Mythos to audit government code

Goldman Sachs hires Google's Evan Kotsovinos as partner, division engineering head

  • July 3, 2026

India investigating Tata data leak that exposed Apple iPhone secrets

Alibaba to ban employees from using Anthropic's coding tool, source says

EXCLUSIVE

World's biggest domain seller fears India's fake site crackdown could damage internet

Researchers say EU lawmaker who investigated surveillance was hacked by Israeli spyware

S.Korea presidential office rejects Coupang, US claims of discriminatory treatment

  • July 3, 2026

India issues notice to Telegram, Signal on concerns over usernames, source says

US Department of Homeland Security says it is probing a cyber breach at information-sharing network

Read Original at Reuters