China Says It Has Found Security Vulnerabilities in Anthropic's Claude Code
4 points
1/21/1970
6 hours ago
by Brajeshwar
Comments
sargunv
an hour ago
science4sail
I don't doubt that Claude Code is full of security holes (even with Mythos assistance) given its 100% vibecoded reputation, but this seems to be more an attempt to get Chinese users to migrate to Chinese products than a serious security memo.
5 hours ago
andsoitis
> It advised users to uninstall the software or update to its latest version
So: old version has security vulnerabilities that latest version does not. Whoopeedoo.
6 hours ago
I wish articles like this bothered to link to primary sources.
> It advised users to uninstall the software or update to its latest version.
This implies the government believes the monitoring mechanism was removed in the latest version. That's interesting information; if only the WSJ linked to it.
Here's a better source in Chinese: https://m.huanqiu.com/article/4SIOWXCLN6f where the government statement is reproduced and the guidance is specifically for versions 2.1.91 through 2.1.196.
> In a response to the allegations on Reddit, an Anthropic employee said on X that the code was part of an experiment the American startup started in March.
Seriously, why not link to the tweet? Here it is: https://x.com/trq212/status/2072079729331777817?s=20
> Hi, this is an experiment we launched in March that was meant to prevent account abuse from unauthorized resellers and protect against distillation. The team has landed stronger mitigations since then and we’ve actually been meaning to take this down for a while. We merged the PR and this should be fully rolled back in tomorrow’s release.
So, Anthropic intentionally included spyware targeting users in China, then removed it when it got discovered because they've since built "stronger mitigations". But if you just read the WSJ, you'd never know.