Overview
- China’s National Vulnerability Database posted a security advisory on Wednesday that named Claude Code versions 2.1.91–2.1.196 and said those releases contained a built‑in monitoring mechanism able to send user location and identity data to remote servers.
- Anthropic engineers have said the code was an anti‑abuse experiment to detect unauthorized resellers and large‑scale model distillation, and the company has rolled out mitigations and removed the marker in newer builds.
- Alibaba instructed employees to stop using Claude Code for work from July 10 and moved the tool onto a high‑risk list, reflecting immediate corporate moves to limit exposure to developer tools that access source code and secrets.
- Independent researchers and reverse engineers exposed hidden “prompt steganography” and client‑side checks that flagged timezone, proxy and network traits, showing how the experiment could identify users without obvious notice.
- The episode raises wider risks for cross‑border AI use, pushing firms to tighten network controls, consider domestic or auditable stacks, and heighten regulatory scrutiny of telemetry and model‑protection measures.