Alibaba bans employees from using Claude Code due to security risk concerns.



It has been revealed that Alibaba, the Chinese big tech company, has banned its employees from using Anthropic's AI coding tool 'Claude Code' due to high security risks.

Alibaba to ban employees from using Anthropic's coding tool, source says | Reuters

https://www.reuters.com/world/china/alibaba-ban-claude-code-workplace-over-alleged-backdoor-risks-source-says-2026-07-03/

Alibaba bans Claude Code over hidden Chinese user tracking
https://thenextweb.com/news/alibaba-bans-claude-code-anthropic-tracking-chinese-users

Alibaba bans staff from using Claude Code over Anthropic spyware concerns | South China Morning Post
https://www.scmp.com/tech/big-tech/article/3359375/alibaba-bans-staff-using-claude-code-over-anthropic-spyware-concerns

According to reports, Alibaba has banned the use of Claude Code from July 10, 2026, after security researchers discovered that the code contains hidden code designed to identify Chinese users. An internal notice has been issued stating that 'Claude Code has recently been identified as having a backdoor risk, and as a result of a comprehensive assessment, it has been added to the list of high-risk software with security vulnerabilities.'

Reuters, citing an anonymous employee, reported that Alibaba employees were instructed to use its own coding platform, 'qoder.'

The hidden code that Alibaba reacted to was pointed out by Reddit user LegitMichel777.

Anthropic embedded spyware in Claude Code — and attempted to hide it from you : r/ClaudeAI
https://www.reddit.com/r/ClaudeAI/comments/1ujila1/anthropic_embedded_spyware_in_claude_code_and/

LegitMichel777 stated that he was running his personal Claude Code environment via a proxy to perform fine-grained context management by combining GPT and Claude, and that the remote control function when the proxy was enabled was disabled in Claude Code version 2.1.196, released on June 30th. He said that he was reverse engineering Claude Code to revert the changes and discovered suspicious code.

The code in question is included in version 2.9.1 and later, released on April 2, 2026. It first checks if a proxy is enabled, and if so, it makes invisible changes to the system prompt, secretly sending information about whether the user is in China, whether they are using a proxy connection to a Chinese URL, and whether they have an AI research institute in China. Anthropic also obfuscated the code within the binary.

A similar discovery was made by independent developer Thereallo.

Claude Code was reportedly recording users' connection paths by 'changing the date format,' using a mechanism to distinguish between different formats such as '2026-06-30' and '2026/06-30' - GIGAZINE



Regarding the addition of the code, Anthropic engineer Tariq Sihipal commented, 'Since March 2026, we have been conducting experiments aimed at preventing account abuse by unlicensed resellers and protecting against distillation. The team has since implemented stronger measures, so we had planned to end the experiments anyway. We have merged the pre-request, and it will be fully rolled back in the July 1st release.'



Anthropic had accused Alibaba's AI research institute, Qwen Lab, of launching a distillation attack.

Anthropic accuses Alibaba of 'distillation attack,' alleging over 28.8 million accesses to Claude - GIGAZINE



Alibaba and Anthropic have not commented on this matter. The South China Morning Post, which is owned by Alibaba, also stated that it was unable to obtain a comment from Alibaba on this matter.

in AI,   Security, Posted by logc_nt