Alibaba Bans Employees From Using Claude Code: What Happened and Why It Matters

China’s Alibaba has officially banned all its employees from using Claude Code, the AI coding tool made by American company Anthropic. The ban takes effect on July 10, 2026. This is a big story — and it is more complicated than most headlines suggest. Here is a clear, fact-based breakdown of everything that happened.


What Is Claude Code?

Claude Code is an AI tool that helps software developers write, fix, and improve code. It is made by Anthropic, a US AI company. Developers around the world use it daily, including, reportedly, engineers at major Chinese tech firms — despite restrictions that technically forbid this.


What Did Alibaba Say?

Alibaba sent an internal notice to its employees on July 3, 2026. The South China Morning Post obtained a copy of the notice. It read:

“As Claude Code was recently discovered to carry back-door risks, after comprehensive evaluation, Claude Code has now been added to a list of high-risk software with security vulnerabilities.”

All employees were told to stop using Claude Code and switch to Alibaba’s own in-house tool called Qoder. Some reports, citing company insiders, say employees were also told to uninstall all Anthropic products entirely — including Claude’s Sonnet, Opus, and Fable model families.


What Started All of This?

On June 30, 2026, a user posted on the Reddit community r/ClaudeAI. They said they had reverse-engineered Claude Code and found hidden code inside it that had been quietly added since version 2.1.91, released on April 2, 2026. There was no mention of this code in any release notes.

According to the Reddit post, this hidden code did two things when it detected a proxy connection:

  • It checked whether the device’s timezone was set to Asia/Shanghai or Asia/Urumqi — both Chinese time zones.
  • It checked the proxy address against a list of Chinese companies and AI labs, reportedly including Alibaba, Baidu, Ant Group, and ByteDance.

What made it more alarming was how the information was sent back. The code allegedly did not send a visible signal. Instead, it hid the data by slightly changing a date format and swapping a punctuation mark inside the system prompt — something invisible to users but readable by Anthropic’s servers. Security researchers called this method steganographic encoding.

The Reddit author called it “a fundamental violation of user trust.”


What Did Anthropic Say?

Anthropic did not release a formal public statement. However, Thariq Shihipar, an engineer on the Claude Code team, responded publicly on X (formerly Twitter).

He described the code as “an experiment we launched in March” with two stated purposes:

  1. To stop unauthorized resellers who were selling Claude API access without permission.
  2. To prevent model distillation — where another company trains its own AI using Claude’s outputs, essentially copying it without authorization.

Shihipar said the team had already planned to remove the code and confirmed the removal was completed on July 1, 2026 — one day after the Reddit post went viral.


The Bigger Picture

This ban did not happen in a vacuum. There is a long history between Anthropic and Chinese tech companies that matters here.

Anthropic’s existing rules already ban Chinese companies — and foreign companies majority-owned by Chinese firms — from using its models. Despite this, companies like Ant Financial and ByteDance reportedly found workarounds through VPNs, overseas subsidiaries, and cloud services.

Anthropic has accused multiple Chinese AI labs of distillation — using Claude’s outputs to train their own competing models. In a letter to two US senators, Anthropic reportedly said this could help China reach advanced AI capabilities faster. The letter specifically mentioned Alibaba’s Qwen lab as running the largest known distillation attack, using around 25,000 fake accounts to access Claude.

Alibaba’s ban came roughly three weeks after those distillation accusations became public. The timing has not gone unnoticed.

On the Chinese side, a grey market has reportedly grown around Claude access — selling API access at up to 90% below normal prices using stolen credentials, while harvesting user prompts to sell as AI training data.

Both sides, in short, have made serious accusations against each other.


What Is Qoder?

Qoder is Alibaba’s own internal AI coding tool. It is the replacement Alibaba is now pushing to all its engineers. Not much public information is available about how it compares to Claude Code in real-world performance. The move to Qoder is widely seen as part of a larger push by Chinese tech companies to build and rely on their own AI tools rather than US ones.


How the Tech World Reacted

Reactions split along predictable lines.

In Chinese tech communities, the story was framed as confirmation of Anthropic embedding surveillance into its software. One tech blogger wrote that Alibaba’s move “underscores the fact that Anthropic’s software indeed harbors security vulnerabilities and engages in malicious surveillance of Chinese users.”

In Western developer circles, a different argument circulated: “If Chinese models were just as good and cheaper, Alibaba employees would not be using Claude Code despite Anthropic banning Chinese users.” The implication being that the ban reveals how much Alibaba’s engineers valued Claude Code in the first place.

Some observers, including the China Biz Buzz account on X, called on both sides to provide evidence before drawing firm conclusions.


A Simple Timeline

DateWhat Happened
April 2, 2026Claude Code version 2.1.91 released — alleged tracking code included with no public announcement
June 30, 2026Reddit user publishes reverse-engineering findings
July 1, 2026Anthropic removes the code via a software update
July 3, 2026Alibaba issues internal ban notice
July 4–5, 2026TechCrunch, Reuters, Tom’s Hardware, SCMP confirm and expand reporting
July 10, 2026Alibaba’s ban officially takes effect

What This Means

This story is a clear example of how the global AI industry is splitting along national lines. American AI companies are tightening access controls. Chinese companies are building their own tools and becoming more cautious about Western software. Developers caught in the middle have fewer cross-border options than before.

Neither side looks entirely clean in this story. Anthropic ran a hidden detection experiment with no public disclosure. Chinese companies allegedly accessed Claude through workarounds and used its outputs to train competing models without permission.

What is certain is that this divide is getting wider, not smaller — and this ban is just one visible piece of it.


Sources

  • TechCrunch — Alibaba reportedly bans employees from using Claude Code (July 4, 2026)
  • South China Morning Post — Alibaba bans staff from using Claude Code over Anthropic spyware concerns (July 3, 2026)
  • Tom’s Hardware — Alibaba bans Anthropic’s Claude Code after an alleged hidden China-detection backdoor is uncovered (July 5, 2026)
  • The Decoder — Claude Code’s complicated China problem involves bans on both sides of the Pacific (July 3, 2026)
  • The Information — Alibaba Bans Employees From Using Claude (July 3, 2026)
  • Reddit r/ClaudeAI — Original reverse-engineering post (June 30, 2026)
  • Thariq Shihipar (Anthropic) — Statement on X (July 2026)
  • Reuters — Alibaba to ban Claude Code, citing security concerns (July 2026)