Wednesday, July 8, 2026

News

Alibaba Blocks Claude Code After Discovering Hidden Code Targeting Chinese Users

PolicyPatryk Raba

Alibaba banned employees from using Claude Code after developers discovered a hidden mechanism designed to identify users in China. Anthropic says the feature was an experiment aimed at stopping mass theft of Claude's capabilities by accounts linked to Alibaba.

Contents
  1. Anthropic's Response
  2. Allegation of Model Theft
  3. Broader Rivalry Context
  4. What It Means Beyond China

Alibaba has introduced an internal ban on employees using Claude Code, ordering them to switch to the company's own tool, Qoder. The reason is the discovery of a hidden piece of code that checked whether the user was located in China or using infrastructure linked to Chinese AI labs.

The case began with a single post on the r/ClaudeAI forum, where a developer restoring a disabled remote-control feature in Claude Code came across a piece of code responsible for determining the user's geographic origin. The mechanism read the system's time zone and looked for a match with Shanghai or Urumqi, while also scanning proxy addresses for matches against a hardcoded list of 147 domains associated with Chinese tech companies.

Anthropic's Response

Anthropic engineer Thariq Shihipar addressed the matter publicly on X, explaining that the mechanism was created in March 2026 as an experiment intended to prevent account abuse by unauthorized resellers and to protect against model distillation, meaning the use of Claude's responses to train competing systems. He also announced the feature would be rolled back quickly.

It was an experiment launched in March that was meant to prevent account abuse by unauthorized resellers and protect against distillation - Thariq Shihipar, Anthropic engineer

Allegation of Model Theft

The dispute has a second layer. In a letter to the US Senate, Anthropic accused operators linked to the Qwen lab, owned by Alibaba, of an industrial-scale, organized attempt to distill Claude's engineering and reasoning capabilities. According to the company, nearly 25,000 fake accounts generated almost 29 million exchanges with the model in under two months, which Anthropic described as the largest attack of this kind ever detected against its systems.

Alibaba, in an internal message to employees, presented the matter in reverse, claiming that Claude Code itself poses a security risk. The company wrote that the tool had recently been identified as carrying backdoor risk and, after a comprehensive assessment, was placed on a list of high-risk software with security vulnerabilities.

Broader Rivalry Context

The dispute fits into a broader escalation of tech tensions between the US and China over artificial intelligence. According to reports, Chinese authorities have already held talks with Alibaba, ByteDance and Z.ai about potentially restricting foreign access to their most advanced models, including ones not yet released. This shows the tension extends beyond a single incident and concerns strategic control over model development on both sides.

For Alibaba employees, this means in practice a forced switch to Qoder, the company's own coding platform, developed as an alternative to Western tools. The decision also has an image dimension: it shows Chinese regulators and the public that the conglomerate treats data security as a priority, regardless of whether the allegations against Anthropic are ever confirmed.

What It Means Beyond China

For companies and developers outside China, the episode is a reminder that AI coding tools can contain covert telemetry mechanisms, introduced without explicit user consent, even when the creator's intent is to protect its own intellectual property. This raises questions about the transparency of providers like Anthropic, OpenAI and Google toward enterprise customers that increasingly integrate coding agents with internal systems and sensitive data.

Anthropic has announced it will roll out stronger safeguards against account abuse without the need for hidden geographic profiling, but has not yet given technical details of the new solution. Alibaba has not lifted the ban so far, and tensions between the companies are likely to persist until the alleged distillation attack case is resolved before US authorities.

Sources: TechRadar (techradar.com), Tom's Hardware (tomshardware.com), CNBC (cnbc.com), The Next Web (thenextweb.com), TechCrunch (techcrunch.com)

Share: