Key Points:
- Alibaba has banned employees from using Anthropic’s Claude AI tools starting July 10, placing Claude Code on its high-risk software list.
- The ban follows the discovery of hidden telemetry tracking inside Claude Code designed to identify and flag users based in China.
- To bypass outbound network security checks, the unreleased tracking code used steganographic prompt alterations to leak location data.
- The move intensifies a corporate feud after Anthropic accused Alibaba’s Qwen lab of deploying 25,000 fake accounts to clone its model.
Alibaba has issued an internal directive prohibiting all employees from using Anthropic’s entire suite of Claude artificial intelligence models and programming tools, effective July 10, 2026. The company placed Claude Code, a command-line AI assistant popular among software developers, on its restricted “high-risk software” list, requiring staff to immediately uninstall all local installations. This policy shift marks a sharp reversal from earlier this year, when the e-commerce conglomerate actively encouraged and even reimbursed staff for using top-tier overseas generative AI models. Instead of relying on Western tools, management is now instructing its software engineering teams to transition entirely to Qoder, its proprietary in-house AI coding assistant.
The decision to blacklist the American startup’s software follows the discovery of a hidden tracking mechanism embedded deep inside Claude Code. Cybersecurity researchers reverse-engineering the tool discovered that it contained obfuscated code designed to quietly detect whether the local user was operating from China. Because these hidden processes ran silently in the background of developers’ computers without their explicit knowledge or consent, this behavior presents a serious data compliance hazard and a violation of basic software transparency standards.
The technical mechanics of the hidden tracking code show a highly sophisticated approach to avoiding detection by standard corporate firewall monitors. The code, which had been quietly active since the release of version 2.1.91 on April 2, 2026, checked the local system timezone for regional settings matching China and scanned for network connections running through regional domains. To avoid triggering automated anti-malware flags that typically block outbound network pings to unknown servers, the system did not transmit the collected data through conventional telemetry calls. Instead, it used steganography, making microscopic, machine-parseable alterations to the system prompts sent back to the developer’s servers—such as changing date-format separators from dashes to slashes or swapping standard punctuation characters with visually identical Unicode equivalents.
While the discovery has sparked widespread concern among Asian software developers, the development team defended the mechanism on social media as a necessary, defensive anti-abuse measure. The team confirmed that the code was an experiment launched in March, designed primarily to prevent unauthorized account reselling on the black market and protect the company’s intellectual property from model distillation. The startup officially prohibits Chinese companies and their foreign subsidiaries from commercially using its models. The team has since removed the tracking code from subsequent updates.
The controversy highlights a deeper, systemic rivalry between the US and Chinese artificial intelligence ecosystems. The corporate standoff follows a series of strict national security directives from the United States government, which ordered the startup to suspend access to its highest-capability models, including Fable 5 and Mythos 5, for foreign nationals. Because these advanced systems possess highly dual-use capabilities—ranging from automated software code generation to autonomous vulnerability exploitation—Western regulators are taking aggressive steps to ring-fence their technology, forcing domestic developers to implement strict geofencing and user validation protocols.
The timing of the ban also coincides with a massive commercial battle over advanced model distillation and intellectual property rights. The Chinese retail giant has recently focused heavily on funding and scaling its own domestic generative models, which compete directly with Western platforms in Southeast Asia and other emerging markets. Just days prior to the ban, the tech giant agreed to participate in a massive restructure of its own specialized subsidiary, Beijing Kling, valuing the generative video model developer at an impressive $15 billion. By developing independent, state-of-the-art tools like Kling and Qoder, Chinese tech firms are working to eliminate their operational dependence on restricted Western software.
The relationship between the two technology leaders had already deteriorated significantly before the backdoor discovery. Last month, the American startup sent a formal letter to several U.S. senators accusing operators affiliated with the Chinese firm’s Qwen AI lab of conducting the largest known model distillation attack in history. The letter claimed that these operators used almost 25,000 fraudulent accounts to generate over 28.8 million interactions with Claude between April and June. The startup argued that the industrial-scale campaign was a deliberate, systematic attempt to harvest its model’s software-engineering and multi-step reasoning capabilities to train the Chinese firm’s own models at a fraction of the traditional research and development cost.
By forcing its engineers to abandon Western coding assistants, the Chinese e-commerce giant is seeking to protect its sensitive internal code repositories and accelerate developer lock-in within its own technology ecosystem. Coding assistants have become one of the first areas where enterprises can translate generative technology into immediate, double-digit productivity improvements. If engineers use foreign tools that covertly monitor their environments or log local directories, they expose critical proprietary code to international interception. Moving exclusively to Qoder guarantees that all proprietary development remains securely sandboxed within the company’s private cloud infrastructure.
Ultimately, the high-profile ban represents a critical milestone in the ongoing balkanization of the global technology sector. As geopolitical tensions continue to escalate, the era of frictionless, cross-border access to advanced software development tools is officially ending. Both US and Chinese tech firms are increasingly viewing third-party applications with extreme suspicion, prioritizing national tech sovereignty and data security over collaborative innovation. The coming weeks will reveal whether the company’s explanation will satisfy the ministry’s demands or if the government will pursue harsher penalties, permanently reshaping how social media corporations run their advertising businesses in the world’s most populous digital market.




