cybersecurityTom's Hardware· 7/5/2026, 12:20:00 PM8.0

Alibaba bans Anthropic's Claude Code after an alleged hidden China-detection backdoor is uncovered — employees told to switch to Qoder as the rift between the firms widens

Chinese tech giant Alibaba has banned its employees from using Anthropic's Claude Code for all work purposes, effective July 10, after security researchers alleged the AI coding agent contained hidden code designed to detect whether users were based in China or affiliated with Chinese AI labs. According to a July 3 South China Morning Post report, the Chinese tech giant said Claude Code had been "added to a list of high-risk software with security vulnerabilities" following a comprehensive evaluation, citing what it described as back-door risks. Employees have reportedly been instructed to adopt Qoder, Alibaba's in-house AI coding platform, as the replacement. According to reports from Chinese outlets citing company insiders, the directive reportedly goes further than Claude Code itself, as staff have allegedly been told to uninstall all Anthropic products, including the Sonnet, Opus, and Fable model families. The move is the latest escalation in a feud that ignited last month, when Anthropic accused operators linked to Alibaba's Qwen AI lab of running the largest known model distillation attack against Claude. The trigger for the ban was a June 30 post on the r/ClaudeAI subreddit by a user who claimed to have reverse-engineered Claude Code while restoring a disabled remote-control feature. According to the write-up, obfuscated detection logic had shipped silently since version 2.1.91, released on April 2, with no mention in the release notes. Whenever a proxy was detected, the code reportedly checked whether the system timezone matched Asia/Shanghai or Asia/Urumqi and inspected the proxy URL against a hardcoded list of Chinese domains and AI lab identifiers, reportedly including Alibaba, Baidu, Ant Group, and ByteDance. What elevated the discovery from routine telemetry to scandal was the exfiltration method. Rather than sending an overt signal, the tool allegedly encoded its findings steganographically, tweaking the date format and swapping a punctuation character in the system prompt sent back to Anthropic's servers — invisible to the user, but machine-parseable on Anthropic's end. The Reddit author called the covert transmission of system and proxy data "a fundamental violation of user trust," saying they simply wanted transparency from Anthropic. Anthropic has not issued a formal statement, but Thariq Shihipar, an engineer on the Claude Code team, addressed the findings on X, describing the mechanism as "an experiment we launched in March" intended to prevent account abuse by unauthorized resellers and to protect against distillation. Shihipar said the team had been meaning to remove the code for a while, and that the pull request stripping it out was merged on July 1, the day after the Reddit post. The timing of Alibaba’s Claude ban fits right into the wider rift between the Chinese tech giant and the U.S. artificial intelligence frontrunner. On June 10, Anthropic sent a letter to leaders of the U.S. Senate Banking Committee accusing operat…

Related entities
View original (Tom's Hardware) →