БНХАУ-ын Аж үйлдвэр, мэдээллийн технологийн яамны кибер аюулгүй байдлын платформ Anthropic компанийн Claude Code хэрэгсэлд хэрэглэгчийн мэдээллийг зөвшөөрөлгүй дамжуулдаг “аюулгүй байдлын цоорхой” байгааг тогтоожээ.
БНХАУ-ын Аж үйлдвэр, мэдээллийн технологийн яамны дэргэдэх Үндэсний эмзэг байдлын мэдээллийн сан (NVDB) лхагва гарагт гаргасан анхааруулгадаа Anthropic компанийн бүтээсэн Claude Code хэрэгслийн сүүлийн хувилбаруудад нууцлалын зөрчил илэрсэн болохыг мэдэгдэв. Уг хэрэгсэл нь хэрэглэгчийн газарзүйн байршил, хувийн таних тэмдэг болон бусад мэдээллийг зөвшөөрөлгүйгээр алсын серверүүд рүү автоматаар дамжуулдаг байна. Энэхүү механизм нь оюуны өмч болон мэдээллийн аюулгүй байдалд ноцтой эрсдэл учруулж болзошгүй тул хэрэглэгчдийг тухайн системийг шинэчлэх эсвэл устгахыг зөвлөжээ.
Anthropic компанийн ажилтан энэхүү код нь зөвшөөрөлгүй худалдаачдаас хамгаалах болон загварыг хууль бусаар хуулбарлахаас сэргийлэх зорилготой “туршилт” байсан гэж тайлбарласан байна. Тус компани энэ механизмыг 2026 оны долдугаар сарын 2-ны өдрийн шинэчлэлтээр устгахаар төлөвлөж байгаагаа мэдэгдлээ. БНХАУ-ын зүгээс уг асуудлыг хөндөхдөө хөгжүүлэлтийн хэрэгслүүдийн сүлжээний хандалтыг хянаж, мэдээллийн урсгалд хяналт тавихыг уриалсан юм.
Anthropic компани нь АНУ-ын Пентагонтой нягт харилцаатай бөгөөд тэдний технологи нь АНУ-ын засгийн газрын агентлагуудын ашигладаг Palantir-ийн тандалт, дүн шинжилгээний программ хангамжид нэгтгэгдсэн байдаг. Тус компанийн Claude загварыг Иран дахь цэргийн ажиллагааны үеэр байг тодорхойлоход ашигласан гэх мэдээлэл гарч байсан ч Anthropic-ийн гүйцэтгэх захирал Дарио Амодей энэ нь компанийн тогтоосон аюулгүй байдлын “улаан шугам”-ыг зөрчөөгүй гэж мэдэгдэж байв.
Дэлгэрэнгүйг эх сурвалжаас харах
↓Эх сурвалжийг нээх ↓
Several versions of the US coding tool contain a backdoor transmitting users’ location and identity data without consent, the National Vulnerability Database claims
China has accused Anthropic’s AI coding tool Claude Code of containing “security backdoor vulnerabilities” capable of transmitting sensitive user information without consent, warning the mechanism poses a “serious security risk.”
Claude Code, developed by the US startup with close ties to the Pentagon, is an AI-powered coding assistant that helps developers write, edit, debug, and understand code using natural-language prompts. Because it runs inside a developer’s terminal rather than a browser, it can access source code and other files the user chooses to share.
In a risk advisoryissued on Wednesday, the Chinese Ministry of Industry and Information Technology’s (MIIT) cybersecurity threat platform NVDB said it had identified a potential security risk in several recent Claude Code versions. According to NVDB, they contain a “built-in monitoring mechanism” that automatically transmits users’ geographic location, identity identifiers, and other sensitive data to remote servers without consent.
The MIIT described the alleged mechanism as a potentially malicious feature that could pose privacy, security, and intellectual property risks, as AI coding assistants are often used on proprietary software and other sensitive codebases. It urged users to review affected systems, uninstall the vulnerable versions, or upgrade to a release with the alleged backdoor removed.
It also called for tighter controls on outbound network access for development tools and stronger traffic monitoring to prevent unauthorized data transmission.
Anthropic has not publicly responded to the advisory.
China’s relationship with Anthropic has been contentious. While the company prohibits Chinese firms and their foreign affiliates from using Claude under regional and national security restrictions, reports say Chinese researchers and engineers continue to access it via overseas proxies. Since February, Anthropic has accused Alibaba and several other Chinese AI labs of illegally “distilling” its models to train competing systems.
The advisory followed claims posted on Reddit last week that Anthropic had secretly “embedded spyware in Claude Code” to identify users illegally accessing the service from China.
Hi, this is an experiment we launched in March that was meant to prevent account abuse from unauthorized resellers and protect against distillation.
The team has landed stronger mitigations since then and we’ve actually been meaning to take this down for a while. We merged the…
— Thariq (@trq212) June 30, 2026
Anthropic employee Thariq responded on X that the code was part of an “experiment” launched “to prevent account abuse from unauthorized resellers and protect against distillation,” adding that the company planned to remove the mechanism in the July 2 release.
Anthropic has also faced controversy in the US. While the company has highlighted safeguardsaround its AI – recently withholding its Claude Mythosmodel over fears it could expose critical software vulnerabilities and resisting Pentagonrequests to relax restrictions on surveillance and autonomous weapons – its technology has reportedly been integrated into Palantir’s analysis and surveillance software used by US government agencies.
During the US war on Iran, the software reportedly identified an elementary school in Minab as a target. A subsequent US strike killed nearly 160 people, but Anthropic CEO Dario Amodei argued that the use of Claude did not violate the company’s “red lines,” claiming “a human made that final call.”
You can share this story on social media:



