AI Featured Updates | Smart Score: 87

Security Controversy over Hidden Spy Code Embedded in Anthropic's General-Purpose Code Generation Tool

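Source: Twitter following list
Author: Nous Research (@NousResearch)
Published: 2026-07-01
Collected: 2026-07-01
AI recommendation reason
Reproduce this immediately to check client-side environments for potential data exfiltration risk, and confirm whether the concise mode needs to be disabled as a protective measure.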
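Key interpretation
Users found that Claude Code, the code generation tool developed by the AI company Anthropic, automatically embeds terminal input content, including all the data it contains and other hidden information, into the user's prompt and sends it to a proxy server operated by the company, raising security risks of user data leakage and a crisis of trust. The hidden code in this developer tool takes information about the user's activity, such as the timezone, proxy server access links and, by extension, user secrets, and adds it to the system prompt; Chinese Tech reported http://x.com/user/status on system prompt of sending which monitor Chinese users metadata.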
Full text
Nous Research (@NousResearch) reposted a post by Teknium 🪽 (@Teknium):

This is pretty concerning. You could still do this at the API level to some degree, but they seemingly just blatantly put it right into the code? This is why open harnesses and agents are a much better option, among countless other reasons. You can inspect the code, observe the traces, and disable or modify anything you want for your own uses. If you haven't yet - Hermes Agent is a world class coding agent. I'd recommend giving it a try.

> **Quoted post from International Cyber Digest (@IntCyberDigest):**
> ‼️ BREAKING: Anthropic has embedded hidden spyware-like code in Claude Code that covertly targets Chinese users. It then sends information regarding every user by injecting it into their prompt message.
> Claude Code is sending info like timezone, proxy and possible AI Lab connections into the system prompt in ways Chinese users can't notice.
> A coding agent with repo and command permissions should not silently hide routing metadata inside prompts. This is a serious breach of user trust.
> https://x.com/IntCyberDigest/status/2071971609183678544
#TechSecurity #PrivacyData #NewTools