3 Sources
[1]
Alibaba to ban Claude Code over alleged backdoor risk, source says
The workplace ban, starting July 10, lands weeks after Anthropic accused operators linked to Alibaba's Qwen lab of running the largest known distillation campaign against Claude. Alibaba will bar its employees from using Anthropic's Claude Code inside workplace environments from July 10, according to a person familiar with the matter cited by Reuters. The stated reason is an alleged backdoor built into the coding tool, though Alibaba has not confirmed the move publicly and did not immediately respond to a request for comment. The ban was first reported by the Chinese financial outlet Yicai before Reuters corroborated it through its own source. It arrives at an already tense moment for Anthropic and Alibaba, whose AI units have spent the past two months accusing each other of bad behaviour, first over alleged model theft and now over an alleged spying mechanism baked into Claude's own tooling. Claude Code is Anthropic's command-line coding agent, used by developers to write and debug software from a terminal rather than a chat window. It has become one of the company's fastest-growing enterprise products, which is part of why a workplace-wide ban at a company the size of Alibaba is notable. The alleged backdoor traces back to a Reddit post published on June 30 by a user identified as LegitMichel777, who said they had reverse-engineered Claude Code while restoring a disabled remote-control feature. According to a technical write-up shared alongside the post and later summarised by outlets including CyberSecurity News and Tech Times, the coding assistant had quietly checked, since version 2.1.91 released on April 2, whether a user's proxy configuration or system timezone matched entries on two hidden lists. One list allegedly named Chinese corporate networks, cloud regions and AI labs, including Alibaba, Baidu, ByteDance and Moonshot AI. If a match was found, the tool reportedly altered the date format and swapped a punctuation character in its own system prompt to encode the detection, rather than sending an overt telemetry signal. Anthropic has not issued a formal public statement on the allegation. A member of its Claude Code team, Thariq, is reported to have responded on social media that the mechanism was meant to curb account reselling and model distillation, and that it would be stripped out in the next release, a fix The Register and others reported was already underway by July 1. That timeline means the mechanism was reportedly still live for roughly three months before its removal. None of this happened in isolation. In a letter dated June 10 to US senators, Anthropic accused operators connected to Alibaba's Qwen AI lab of running nearly 25,000 fraudulent accounts to extract Claude's software engineering and reasoning capabilities, generating more than 28.8 million exchanges between April 22 and June 5. We have reported at the time that the campaign exceeded the combined scale of three earlier distillation efforts Anthropic had already flagged to Washington, including ones it attributed to DeepSeek, Moonshot and MiniMax. Alibaba has not commented publicly on that accusation either. The dispute sits alongside a broader pattern of restrictions tech companies have placed on coding agents amid distillation fears, and Anthropic's own tightening of access for Chinese users through tools like Claude Opus and Fable model curbs. Whether the alleged backdoor was a targeted espionage tool or a blunt anti-fraud filter that swept up ordinary Chinese-based developers remains contested, and no independent security firm has yet published a full audit of the claim. Alibaba's ban, if it proceeds as described on July 10, would make it one of the first major companies to formally restrict Claude Code specifically over the alleged mechanism rather than over competitive or cost concerns. Chinese developers who rely on proxy routing to reach the tool at all would be among those most exposed if the detection worked as the researcher described. Reuters said its report was based on a single source and that Alibaba had not responded by the time of publication. Anthropic was not quoted directly in the Reuters report either, leaving both companies' full positions on the record still unclear as the July 10 deadline approaches.
[2]
Alibaba to ban Claude Code in workplace over alleged security risks, Reuters says By Investing.com
Investing.com -- Alibaba Group Holding Ltd (HK:9988) will prohibit employees from using Anthropic's (NASDAQ:ANTP) Claude Code in its workplace environments from July 10 over concerns about potential security risks, Reuters reported on Thursday, citing a person familiar with the matter. The decision follows a report by Chinese financial outlet Yicai that said Alibaba had identified what it described as embedded "backdoor" risks in the AI coding assistant. Hong Kong-listed Alibaba shares was down 0.7%, underperforming the broader Hang Seng, which advanced 1.3%. Track AI leaders, cybersecurity developments and China tech stocks with InvestingPro The move comes as tensions between Alibaba and Anthropic have escalated in recent weeks. Last month, Anthropic accused operators affiliated with Alibaba and its Qwen AI unit of conducting a large-scale effort to extract capabilities from its Claude models through fraudulent accounts, allegations the Chinese technology giant has not publicly addressed. Claude Code, Anthropic's AI-powered software development assistant, has become one of the industry's most widely used coding tools, but access to the company's most advanced models has increasingly come under regulatory scrutiny. Last week, the U.S. government partially restored access to Anthropic's flagship AI models for a limited group of trusted organizations after temporarily restricting their deployment over national security concerns. Alibaba has invested heavily in expanding its Qwen family of large language models as it competes with domestic rivals including DeepSeek, Tencent and Baidu, while Anthropic has strengthened measures to prevent unauthorized access to its Claude platform amid growing concerns over model distillation and cross-border misuse.
[3]
Alibaba Set to Ban Staff From Using Claude Over Security Fears
China's Alibaba plans to ban employees from using Anthropic's Claude Code at work over concerns about potential security risks, according to people familiar with the matter. The move comes in the wake of a post on online forum Reddit earlier this week alleging that a version of the software released in April contained code that could identify users who accessed it from China. In a response to the allegations in the report, Thariq Shihipar, who works on Claude Code, said on X on Wednesday that the code was part of an experiment Anthropic launched in March "meant to prevent account abuse from unauthorized resellers and protect against distillation." Anthropic has accused Alibaba and several other Chinese AI labs of illicitly distilling its models--the practice of training models on the outputs of another. In February, Anthropic said it found that some senior staff of Chinese labs were likely behind some accounts that had distilled its models based on the information of the accounts' activities. The U.S. company has restricted access to Claude in China on national security grounds, though the tool is still popular among Chinese researchers and engineers. Alibaba has classified Claude Code as "high-risk software" following the Reddit report, the people said. Staff won't be allowed to use it from July 10, they said.
Share
Copy Link
Alibaba will prohibit employees from using Anthropic's Claude Code starting July 10 over concerns about an alleged backdoor built into the AI coding tool. The ban comes after a Reddit user claimed to have discovered code that identifies Chinese users, and follows Anthropic's accusations that Alibaba's Qwen lab ran a massive distillation campaign involving 25,000 fraudulent accounts.
Alibaba will bar its employees from using Anthropic's Claude Code inside workplace environments starting July 10, according to sources cited by Reuters and Chinese financial outlet Yicai
1
. The tech giant has classified the AI coding assistant as "high-risk software" following allegations of an embedded backdoor mechanism, though Alibaba has not confirmed the move publicly3
. This corporate restriction marks one of the first major workplace bans targeting Claude Code specifically over security risks rather than competitive concerns.The controversy traces back to a June 30 Reddit post by user LegitMichel777, who claimed to have reverse-engineered Claude Code while restoring a disabled remote-control feature
1
. According to the technical write-up, the coding assistant had quietly checked since version 2.1.91—released on April 2—whether a user's proxy configurations or system timezone matched entries on two hidden lists. One list allegedly named Chinese corporate networks, cloud regions, and AI labs including Alibaba, Baidu, ByteDance, and Moonshot AI. If a match was found, the tool reportedly altered date formats and swapped punctuation characters in its system prompt to encode the detection, rather than sending overt telemetry signals. This mechanism remained active for roughly three months before its removal.Thariq Shihipar, a member of Anthropic's Claude Code team, responded on social media platform X that the code was part of an experiment launched in March "meant to prevent account abuse from unauthorized resellers and protect against distillation"
3
. The mechanism would be stripped out in the next release, with fixes reportedly underway by July 11
. Whether the alleged backdoor functioned as a targeted espionage tool or a blunt anti-fraud filter that swept up ordinary Chinese-based developers remains contested, and no independent security firm has published a full audit of the claim.Related Stories
The Alibaba ban arrives amid escalating tensions between the companies. In a June 10 letter to US senators, Anthropic accused operators connected to Alibaba's Qwen AI lab of running nearly 25,000 fraudulent accounts to extract Claude's software engineering and reasoning capabilities, generating more than 28.8 million exchanges between April 22 and June 5
1
. This distillation campaign exceeded the combined scale of three earlier efforts Anthropic had flagged to Washington, including ones attributed to DeepSeek, Moonshot, and MiniMax. Alibaba has not commented publicly on these accusations.Anthropic has restricted access to Claude in China on national security grounds, though the tool remains popular among Chinese researchers and engineers
3
. Last week, the US government partially restored access to Anthropic's flagship AI models for a limited group of trusted organizations after temporarily restricting their deployment over national security concerns2
. Meanwhile, Alibaba has invested heavily in expanding its Qwen family of large language models as it competes with domestic rivals including DeepSeek, Tencent, and Baidu. Chinese developers who rely on proxy routing to reach the tool would be among those most exposed if the detection worked as described. The dispute highlights how corporate restrictions and geopolitical tensions are reshaping AI model access, with companies caught between protecting intellectual property and serving global developer communities.Summarized by
Navi
[2]
[3]
24 Jun 2026•Technology

Today•Policy and Regulation
05 Sept 2025•Technology

1
Policy and Regulation

2
Policy and Regulation

3
Policy and Regulation
