Alibaba has told employees to stop using Anthropic's Claude Code and delete Anthropic models from work machines, according to an internal notice reported this week. The ban takes effect July 10, and staff are being steered toward Qoder, Alibaba's own coding tool.
The trigger was a discovery that Claude Code carried hidden code capable of checking whether a user was routing through China or tied to a Chinese AI lab. That set off a wave of anger in Chinese developer circles, and Alibaba's response was to reclassify the tool rather than argue about intent.
What the notice actually says
Alibaba's language is blunt. The company said Claude Code was recently discovered to carry back-door risks and had been added to a list of high-risk software with security vulnerabilities, per the internal notice seen by the South China Morning Post. Employees have to uninstall Anthropic's model series, Sonnet and Opus and Fable among them, not just the coding agent.
Worth remembering who's writing this. The ban comes from a company Anthropic publicly accused, in a June letter to the Senate Banking Committee, of running the largest known distillation attack against Claude, roughly 25,000 fraudulent accounts and 28.8 million interactions across a few weeks. Alibaba denies it. So the security framing and the grudge are hard to fully separate here.
The code that started it
The technical account that got picked apart came from a developer poking at Claude Code v2.1.91. The reverse-engineering writeup describes steganography, secret data hidden in plain sight, applied to the system context sent to Anthropic's servers. It checked the base URL environment variable that routes API requests through a proxy.
"This is not a malicious feature, but it is a weird choice for a developer tool that asks for trust." That's the researcher's own read, and it lands harder than either company's spin because it isn't trying to sell anything.
Anthropic didn't deny the mechanism. Engineer Thariq Shihipar, on the Claude Code team, called it on X an experiment from March meant to stop account abuse from unauthorized resellers and guard against distillation. He said stronger protections had already shipped and the team had been meaning to pull it, with the rollback merged for the July release. Fine. But asked whether any of this was disclosed in the terms of service, Anthropic's spokesperson pointed back to that same post, which doesn't answer the question.
Why Qoder, and why now
Until recently Alibaba was subsidizing this stuff. The company reimbursed employees for external models, and some developers were burning hundreds of dollars a week on Claude, GPT and Gemini. Now it's telling those same developers to switch to an in-house tool. Forcing tens of thousands of engineers onto Qoder generates usage data fast. It also annoys the people who preferred what they had.
Anthropic already couldn't sell commercially in China, and it spent late June and early July mass-banning Chinese accounts it flagged as violating the rules. The Financial Times has reported the company is working to close the workarounds, foreign phone numbers, overseas subsidiaries, cloud resellers, that Chinese firms use to reach Claude anyway. So both sides are now walling the other off, which makes the July 10 cutoff less a surprise than the next step.
The deadline is firm: July 10 for the Alibaba ban to take hold. Anthropic's rollback of the tracking code has already shipped.




