Chinese technology conglomerate Alibaba Group has ordered its employees to completely cease using Claude Code, the popular AI-powered command line programming assistant developed by U.S. based Anthropic. The internal mandate, which officially takes effect on July 10, 2026, marks an intense escalation in the geopolitical and corporate rivalry dominating the global artificial intelligence sector.
According to internal company communications, Alibaba has formally blacklisted the software following a comprehensive security assessment. The firm has classified Claude Code as a “high-risk software with security vulnerabilities,” citing what it described as severe “back-door risks.”
Beyond just the terminal-based coding tool, reports from company insiders indicate the directive is sweeping, instructing staff to entirely uninstall all Anthropic products including its flagship model families, Claude Sonnet, Opus, and Fable. In lieu of the banned American software, Alibaba management has strongly recommended that its developers transition exclusively to Qoder, Alibaba’s home-grown AI agent platform designed for real world software development.
The corporate ban was triggered by a detailed technical revelation on June 30, 2026. A security researcher on Reddit, posting under the pseudonym LegitMichel777, successfully reverse-engineered the Claude Code binary while attempting to restore a disabled remote control feature.
The investigation exposed highly sophisticated, obfuscated tracking routines embedded within the tool since version 2.1.91, which rolled out on April 2, 2026. The researcher noted:
“Since version 2.1.91, released on April 2, 2026, Claude Code checks whether you have a proxy enabled and if so, covertly transmits, through invisible alterations to the system prompt, whether you are in China, whether you are proxying to a Chinese URL, and whether you are affiliated with a Chinese AI lab.”
The hidden routine functioned by analyzing whether a user’s system timezone matched “Asia/Shanghai” or “Asia/Urumqi” and cross-referencing active proxy configurations against a hardcoded index of prominent Chinese networks and top-tier AI labs including Baidu, ByteDance, Moonshot AI, and Alibaba itself.
Rather than transmitting this data via standard, overt network logs that firewall administrators might flag, Anthropic utilized steganography to conceal the data within the underlying system prompts routed back to its servers. For instance, if a Chinese user was detected, the tool would subtly shift date formats from hyphens to slashes, or swap standard apostrophes out for visually identical but distinct Unicode characters.
The researcher added:
“Anthropic clearly added this check in an attempt to detect unauthorized resale of Claude in China and distillation attempts by Chinese labs. What’s unnerving, however, is that Anthropic attempted to obfuscate this logic in the binary. Much of it is XOR-obfuscated with the key 91, likely to prevent it from showing up in a plain strings dump. Furthermore, the release notes for version 2.1.91 make absolutely no mention of this check.”
While Anthropic did not publish a formal corporate press release regarding the backdoor allegations, members of its engineering team rapidly moved to address the fallout. On July 1, just a day after the forensic breakdown went public, a pull request was merged to strip the tracking architecture from the codebase.
Thariq Shihipar, a software engineer on Anthropic’s Claude Code team, took to social media platform X to clarify the intent behind the hidden software mechanics. He stated it was:
“…an experiment we launched in March that was meant to prevent account abuse from unauthorized resellers and protect against distillation. The team has landed stronger mitigations since then and we’ve actually been meaning to take this down for a while.”
The immediate ban by Alibaba serves as a sharp counter punch in an ongoing corporate feud between the two AI pioneers. Just weeks prior, Anthropic filed a formal letter with the U.S. Senate Banking Committee, leveling massive intellectual property theft accusations against operators tied to Alibaba’s Qwen AI laboratory. Anthropic accused the Chinese lab of deploying nearly 25,000 fraudulent accounts to generate over 28.8 million conversational exchanges with Claude, characterizing it as an industrial scale “model distillation” campaign designed to train Alibaba’s proprietary models on Anthropic’s outputs.
Anthropic maintains an incredibly strict stance against Chinese access to its ecosystem, holding the line as one of the few frontier AI startups to explicitly bar Chinese owned entities from using its products, even via foreign incorporated subsidiaries. Because of these ironclad restrictions, developers inside China routinely rely on proxy networks to leverage Claude Code’s advanced reasoning capabilities a workaround that Anthropic’s hidden script was explicitly designed to hunt.
As Washington and Beijing continue to tighten export controls and cross border digital restrictions, the sudden blacklisting of Claude Code highlights a stark reality for the tech sector: the global AI ecosystem is rapidly fracturing into heavily guarded, mutually distrustful spheres of domestic technology.