Alibaba has told staff to stop using Anthropic’s Claude Code from July 10, branding it high-risk software after reports of hidden code that could detect Chinese users. Employees are being pushed to Alibaba’s own Qoder tool instead. The ban deepens an already tense rift between the two companies.
Key Takeaways
- Alibaba bans Claude Code for all staff starting July 10
- The trigger was hidden code that could detect Chinese users
- Alibaba labeled Claude Code high-risk software with backdoor risks
- Staff are told to switch to Alibaba’s in-house Qoder tool
- The ban follows Anthropic’s distillation accusations against Qwen
What Alibaba Announced
The order came through an internal notice. Alibaba told employees that Claude Code had been added to a list of high-risk software with security vulnerabilities after a comprehensive evaluation. Citing what it called back-door risks, according to a notice seen by the South China Morning Post.
The ban takes effect July 10. From that date, all staff are prohibited from using the tool for work. Reports from Chinese outlets citing insiders say the directive goes further than Claude Code alone, with employees allegedly told to uninstall all Anthropic products, including the Sonnet, Opus, and Fable model families.
The replacement is homegrown. Alibaba directed staff to Qoder, its own AI coding agent, and the timing was tidy: the company rolled out a Qoder Enterprise Edition around the same time. Mandating the tool internally hands Alibaba a large captive user base whose usage data can sharpen the product before a wider commercial push.
The Hidden Code That Sparked It
The whole thing traces back to a single Reddit post. On June 30, a user going by LegitMichel777 said they had reverse-engineered Claude Code while restoring a disabled feature and found obfuscated detection logic that had shipped silently since version 2.1.91, released April 2, with no mention in the release notes.
The logic was targeted. According to The Decoder’s breakdown of the discovery, the tool checked the system timezone against “Asia/Shanghai” or “Asia/Urumqi” and scanned any active proxy URL against a list of Chinese domains and known AI lab identifiers.
What turned routine telemetry into a scandal was how the data left the machine. Rather than sending an obvious signal, the code used steganography, tweaking the date format and swapping the apostrophe in “Today’s date is” for a visually identical Unicode character. Invisible to the user, but instantly readable on Anthropic’s servers.
The concealment raised eyebrows too. Portions of the code were XOR-obfuscated with the key 91, a technique that keeps strings from showing up in a plain-text search. To critics, that looked less like telemetry and more like an effort to avoid detection.
The stakes are high because of how much access the tool has. Claude Code needs deep reach into a developer’s local file system to read, modify, and run code, so any hidden function effectively has the run of the machine. As one developer put it, a timezone check today could be something far worse tomorrow.
Anthropic’s Side of the Story
Anthropic didn’t deny the mechanism. An engineer on the Claude Code team, Thariq Shihipar, addressed the findings on X and framed it as a defensive measure gone stale.
He described it as an experiment launched in March meant to prevent account abuse from unauthorized resellers and protect against distillation. He added that the team had shipped stronger protections since and had been meaning to take the code down for a while.
The removal was quick. Shihipar said the pull request stripping out the code was merged on July 1, the day after the Reddit post, shipping in that day’s release. The fast turnaround, a public response within about a day, is itself a signal of how much reputational weight was at stake.
One question went unanswered. Asked whether the tracking was disclosed in any terms of service, an Anthropic spokesperson pointed back to Shihipar’s remarks, which didn’t address it. That gap is awkward for a company that has built its brand on AI safety and transparency.
A Rift That Runs Both Ways
The ban isn’t happening in isolation. It lands in the middle of an escalating feud between the two companies, and the restrictions cut both directions.
Anthropic keeps the hardest line in the industry on China. It says it is the only frontier AI firm that refuses service to Chinese-owned entities, even through foreign subsidiaries. That policy is exactly why Chinese developers reach Claude Code through proxies, and why a proxy-triggered detection routine reads, to them, as a tool built to hunt them.
The distillation fight is the deeper wound. On June 10, Anthropic sent a letter to the Senate Banking Committee accusing operators linked to Alibaba’s Qwen lab of running nearly 25,000 fraudulent accounts to generate 28.8 million exchanges to extract knowledge from Claude. Alibaba has denied the accusation.
The workarounds are everywhere, which makes enforcement hard:
- Chinese developers reach Claude through foreign credentials, VPNs, and third-party proxies
- Firms like Ant Group reportedly accessed Claude via overseas affiliates and cloud APIs
- A grey market sells Claude API access at steep discounts using stolen credentials
The timing suggests the ban is at least partly retaliatory. The hidden-code discovery handed Alibaba a clean security rationale to cut ties with a tool its engineers had leaned on heavily, while sidestepping the messier distillation allegations.
The bigger question reaches past Alibaba. Whether this episode pushes more Chinese developers toward domestic tools, or simply confirms the risks many already assumed in depending on American AI, is something the whole industry will be watching.
Digital Trendings is your trusted source for AI news and updates, stay tuned for more.







