TheVortiq
Inteligencia Artificial

Alibaba bans Claude Code over alleged anti-China backdoor

Chinese company orders employees to delete all Anthropic products after discovering hidden code that detected users in China

July 8, 2026 · 4 min read

Detailed view of colorful programming code on a computer screen.

TL;DR: Alibaba has banned Claude Code for its employees after discovering hidden code that detected whether the user was in China and exfiltrated data via steganography. Anthropic admits it was an anti-abuse experiment but has removed it. The move escalates the war between the two companies over model distillation.

What happened?

Chinese tech giant Alibaba has banned its employees from using Claude Code, Anthropic's AI-assisted coding tool, effective July 10. According to a July 3 report from the South China Morning Post, the company added Claude Code to a "high-risk software list with security vulnerabilities" after an evaluation revealed alleged backdoor risks. Employees have been instructed to uninstall all Anthropic products, including the Sonnet, Opus, and Fable models, and migrate to Qoder, Alibaba's internal coding platform.

The trigger was a June 30 post on the r/ClaudeAI subreddit, where a user claimed to have discovered—by restoring a disabled remote control function—an obfuscated detection logic present since version 2.1.91, released on April 2. The code checked if the system timezone was Asia/Shanghai or Asia/Urumqi and examined the proxy URL against a hardcoded list of Chinese domains and AI lab identifiers, including Alibaba, Baidu, Ant Group, and ByteDance. Most critically, data was exfiltrated via steganography, modifying the date format and a punctuation character in the system prompt sent to Anthropic's servers, without the user noticing.

The post author described the covert transmission of system and proxy data as "a fundamental violation of user trust."

Anthropic's response

Anthropic has not issued an official statement, but Thariq Shihipar, an engineer on the Claude Code team, responded on X describing the mechanism as "an experiment we launched in March" aimed at preventing account abuse by unauthorized resellers and protecting against distillation. Shihipar stated that the team was already planning to remove that code and that the pull request was merged on July 1, one day after the Reddit post.

Context: The distillation war

This ban is part of a broader conflict. On June 10, Anthropic sent a letter to leaders of the U.S. Senate Banking Committee accusing operators affiliated with Alibaba's Qwen lab of using nearly 25,000 fraudulent accounts to generate 28.8 million exchanges with Claude between April 22 and June 5. Anthropic called this an industrial-scale model distillation attack, aimed at copying Claude's reasoning and software engineering capabilities. Distillation—training a smaller model on the outputs of a more capable one—exists in a legal and ethical gray area. Alibaba has denied the accusations.

Why it matters

This incident has multiple implications. First, it reveals a questionable practice by Anthropic: introducing hidden code to detect users in China without disclosing it in release notes. Although Anthropic justifies it as an anti-abuse measure, the steganographic data exfiltration undermines user trust and raises serious questions about the company's transparency. Second, Alibaba's ban is not an isolated event but a symptom of the growing technological fragmentation between China and the West. Third, the escalation between Alibaba and Anthropic could lead to stricter regulations on the use of AI models on both sides, affecting startups and developers who rely on these tools.

Consequences for the market and users

For Chinese developers, losing access to Claude Code means a setback in productivity, as Qoder has yet to match its capabilities. Globally, this case could incentivize more rigorous security audits of AI tools and push other tech companies to review their own telemetry practices. Additionally, the distillation dispute could accelerate the adoption of more aggressive protection mechanisms by model providers, such as proxy detection or geographic restrictions.

What readers should know

  • The alleged backdoor is not a traditional backdoor (allowing unauthorized remote access), but a detection and exfiltration mechanism for system configuration data.
  • Anthropic claims it has already removed the offending code, but trust is damaged.
  • The rivalry between Alibaba and Anthropic reflects geopolitical tensions in the AI sector, where national security and intellectual property intertwine.
  • Claude Code users should review what data they share and consider open-source alternatives like Code Llama or StarCoder.

Conclusion

Alibaba's ban on Claude Code marks a new chapter in the tech war between China and the West. Beyond the mutual accusations, the case underscores the need for transparency in AI tool development and raises questions about the ethical limits of telemetry. As Anthropic and Alibaba clash, developers are caught in the middle of a conflict that transcends the technical and enters the political and legal realms.

Keep reading