中國工信部警示 Claude Code 存在安全風險
中文摘要
中央社說,中國工信部提醒大家注意 Claude Code 這個 AI 寫程式工具。它可能會把一些敏感資料送出去,例如地區或身分資訊。使用這個工具的人,應該檢查版本、更新,或先不要使用有風險的版本。
中央社報導,中國工信部網路安全威脅和漏洞資訊共享平台發布風險提示,稱 Anthropic 的 AI 編程工具 Claude Code 存在安全後門隱患。公告指出,受影響版本可依文字需求自主完成程式編寫與修復,但內置監控機制可能未經同意向遠程服務器回傳地域、身分標識等敏感訊息。平台建議用戶全面排查、卸載或升級,並加強開發工具外聯權限管控與流量監測。
English Summary
CNA reports that China’s Ministry of Industry and Information Technology warned that the AI coding tool Claude Code may contain a security backdoor risk. The notice says some versions may send sensitive information, such as location and identity markers, back to a remote server without user consent. Users are advised to check their systems, uninstall the affected versions, or upgrade to a safer release.
CNA reports that a cybersecurity platform under China’s Ministry of Industry and Information Technology issued a risk alert about Anthropic’s AI coding tool Claude Code, saying it may contain a serious security backdoor risk. According to the notice, affected versions can autonomously write and fix code based on text prompts, but a built-in monitoring mechanism may send user region and identity data to remote servers without consent. The platform recommends full inspections, uninstalling or upgrading affected versions, and strengthening permission controls and traffic monitoring for development tools that connect outside core business networks.