{"id":287244,"date":"2026-07-08T09:58:00","date_gmt":"2026-07-08T13:58:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/07\/08\/china-ditch-older-claude-versions-with-backdoor-code\/"},"modified":"2026-07-08T13:30:18","modified_gmt":"2026-07-08T17:30:18","slug":"china-ditch-older-claude-versions-with-backdoor-code","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/07\/08\/china-ditch-older-claude-versions-with-backdoor-code\/","title":{"rendered":"China: Ditch older Claude versions with backdoor code"},"content":{"rendered":"<p><a href=\"https:\/\/www.theregister.com\/security\/2026\/07\/08\/china-ditch-older-claude-versions-with-backdoor-code\/5268371\">China: Ditch older Claude versions with backdoor code<\/a><\/p>\n<p><a href=\"https:\/\/www.theregister.com\/security\/2026\/07\/08\/china-ditch-older-claude-versions-with-backdoor-code\/5268371\">https:\/\/www.theregister.com\/security\/2026\/07\/08\/china-ditch-older-claude-versions-with-backdoor-code\/5268371<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-07-08 09:58:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.theregister.com\">www.theregister.com<\/a><\/p>\n<p class=\"kicker \" style=\"\">Security<\/p>\n<p class=\"subtitle \" style=\"\">National vulnerability database claims monitoring mechanism can forward Chinese users&#8217; data to remote servers<\/p>\n<p>China&#8217;s National Vulnerability Database (CNVDB) is urging developers to uninstall recent Claude Code versions over the fear that they can scoop up sensitive user data without consent.<\/p>\n<p>Referring to it as &#8220;backdoor code,&#8221; the state-run body claimed over WeChat and in an online statement that a &#8220;built-in monitoring mechanism&#8221; can gather details such as a user&#8217;s location and identity, and forward them to remote servers.<\/p>\n<p>It said the alert only applies to Claude Code versions 2.1.91 (April 2) to 2.1.196 (June 29). &#8220;It is recommended that relevant units and users immediately conduct a comprehensive investigation,&#8221; CNVDB said on Wednesday.<\/p>\n<p>&#8220;For development terminals with the above-mentioned affected versions installed, immediately uninstall or upgrade to the latest secure version with the relevant backdoor code removed; strengthen the control of external access permissions and traffic monitoring of development tools within core business network segments to prevent the unauthorized transmission of sensitive data.&#8221;<\/p>\n<p><span class=\"italic m-italic \" data-lab-italic=\"italic\">The Register<\/span> asked Claude maker Anthropic to comment, but it did not immediately respond.<\/p>\n<p>Neither did Anthropic answer our questions last week about its covert code designed to prevent competing AI companies from extracting intel about Claude&#8217;s inner workings.<\/p>\n<p>Claude Code engineer Thariq Shihipar stated publicly that Anthropic launched an experiment in March to protect against model distillation \u2013 a process by which AI companies try to improve their models by training them on the answers of those that are more advanced.<\/p>\n<p>&#8220;The team has landed stronger mitigations since then and we&#8217;ve actually been meaning to take this down for a while,&#8221; he said. The secret steganography system was removed in version 2.1.198, released on July 1.<\/p>\n<p>We had asked Anthropic whether it disclosed this&#8230;<\/p>\n<p><a href=\"https:\/\/www.theregister.com\/security\/2026\/07\/08\/china-ditch-older-claude-versions-with-backdoor-code\/5268371\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>China: Ditch older Claude versions with backdoor code https:\/\/www.theregister.com\/security\/2026\/07\/08\/china-ditch-older-claude-versions-with-backdoor-code\/5268371 Publish Date: 2026-07-08 09:58:00 Source Domain:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":287245,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/image.theregister.com\/5254628.jpg?imageId=5254628&x=0&y=0&cropw=100&croph=100&panox=0&panoy=0&panow=100&panoh=100&width=1200&height=683","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,27],"class_list":["post-287244","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/287244"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=287244"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/287244\/revisions"}],"predecessor-version":[{"id":287246,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/287244\/revisions\/287246"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/287245"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=287244"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=287244"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=287244"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}