Alibaba plans to prohibit Claude Code due to concerns regarding potential backdoor vulnerabilities, according to a source.
The workplace ban set to take effect on July 10 comes shortly after Anthropic accused operators affiliated with Alibaba’s Qwen lab of conducting the largest known distillation campaign targeting Claude. According to a source familiar with the situation cited by Reuters, Alibaba will prohibit its employees from utilizing Anthropic’s Claude Code in workplace settings starting July 10.
The official reason for this ban is an alleged backdoor within the coding tool, although Alibaba has not publicly acknowledged the decision and did not respond immediately to a request for comment. Initially reported by the Chinese financial news outlet Yicai, Reuters later confirmed it through its own source. This ban arrives during a time of heightened tension between Anthropic and Alibaba, with both AI divisions accusing each other of misconduct in recent months, first regarding model theft and now concerning an alleged spying mechanism included in Claude’s tooling.
Claude Code serves as Anthropic’s command-line coding assistant, enabling developers to write and debug software through a terminal instead of a chat interface. It has quickly become one of the company’s fastest-growing enterprise offerings, which makes a workplace-wide ban at a large company like Alibaba particularly significant.
The claim of a backdoor originated from a Reddit post on June 30 by a user named LegitMichel777, who stated they reverse-engineered Claude Code while re-enabling a disabled remote-control feature. Accompanying the post was a technical write-up, later summarized by various outlets including CyberSecurity News and Tech Times, which indicated that since version 2.1.91, released on April 2, the coding assistant had discreetly checked whether a user’s proxy settings or system timezone matched entries on two hidden lists.
One of these lists allegedly contained the names of Chinese corporate networks, cloud regions, and AI labs, including Alibaba, Baidu, ByteDance, and Moonshot AI. If a match was detected, the tool supposedly modified the date format and changed a punctuation character in its own system prompt to encode that detection, instead of sending a direct telemetry signal.
Anthropic has yet to release a formal public response to these allegations. A team member from Claude Code, Thariq, reportedly stated on social media that the mechanism was intended to prevent account reselling and model distillation, and that it would be removed in the next release—a fix that The Register and others reported was already in progress by July 1.
This timeline suggests that the mechanism was operational for nearly three months before it was planned for removal. The situation did not occur in a vacuum; in a letter sent to US senators on June 10, Anthropic accused Alibaba’s Qwen AI lab operators of managing around 25,000 fraudulent accounts to exploit Claude’s software engineering and reasoning capabilities, resulting in over 28.8 million interactions between April 22 and June 5.
At that time, it was noted that this campaign surpassed the combined scale of three previous distillation efforts Anthropic had flagged to Washington, attributed to parties like DeepSeek, Moonshot, and MiniMax. Alibaba has also remained silent regarding that accusation.
This dispute aligns with a larger trend of tech companies imposing restrictions on coding agents due to concerns about distillation, as well as Anthropic tightening access for Chinese users through tools like Claude Opus and limitations on the Fable model. Whether the alleged backdoor functioned as a targeted espionage tool or merely a broad anti-fraud measure affecting regular Chinese developers remains debated, and no independent security firm has yet conducted a comprehensive audit of the claim.
If Alibaba implements the ban as described on July 10, it would be one of the first major firms to officially restrict Claude Code specifically due to these allegations, rather than for competitive or cost-related reasons. Chinese developers relying on proxy routing to access the tool would be particularly vulnerable if the detection worked as described by the researcher.
Reuters indicated that its report was based on a single source and that Alibaba had not responded by the publication time. Anthropic was not directly quoted in the Reuters report, leaving both companies' complete positions on the matter unclear as the July 10 deadline approaches.
Other articles
Alibaba plans to prohibit Claude Code due to concerns regarding potential backdoor vulnerabilities, according to a source.
According to a source, Alibaba will prohibit employees from utilizing Anthropic's Claude Code starting July 10 due to a supposed backdoor, in the context of a broader conflict involving Claude and Qwen.
