Saturday, 4 July 2026 Newsarchy UK live index
NewsarchyUKUK
Every UK story. Mapped, sourced, and explained where it matters.
Business

Alibaba bans employee use of Claude Code citing security tracking risks

Alibaba is mandating that employees move to its proprietary Qoder platform after discovering hidden tracking mechanisms within Anthropic’s Claude Code. The decision follows tensions regarding data security and model integrity in the AI sector.

Alibaba bans employee use of Claude Code citing security tracking risks
Alibaba bans employee use of Claude Code citing security tracking risks

Alibaba has officially prohibited its workforce from utilizing Anthropic’s Claude Code, categorizing the software as a high-risk security vulnerability. The directive, which follows internal assessments, requires staff to transition their development workflows to Qoder, a proprietary coding platform developed internally by Alibaba. This shift, effective 10 July, represents a significant escalation in the ongoing tension between Chinese technology firms and American software providers regarding data sovereignty, model integrity, and cross-border security.

The decision to ban the tool stems from recent revelations that Claude Code contained hidden mechanisms capable of tracking and identifying users based in China. Security researchers identified obfuscated code within the software that examined system environments for indicators such as specific timezones, including Asia/Shanghai and Asia/Urumqi, and monitored for the presence of proxy-related domains or connections to Chinese research laboratories. These findings were confirmed by analyses that observed the software employing steganographic techniques to embed markers into data packets returned to Anthropic’s servers—essentially hiding machine-parseable signals within routine system prompts to bypass detection by human users.

According to an engineer on the Anthropic team, the tracking functionality was an experimental feature introduced in March. The representative described the measure as an effort to mitigate account abuse by unauthorized resellers and to safeguard intellectual property against model distillation, a practice where developers use the outputs of advanced systems to train smaller, competing models. Although the engineer stated that a request to remove the code was merged on 1 July, the discovery has significantly eroded trust among Chinese enterprises.

The conflict occurs against the backdrop of accusations brought by Anthropic, which claimed in a letter to the US Senate Banking Committee that entities affiliated with Alibaba’s Qwen laboratory had engaged in a large-scale distillation effort. Anthropic alleged that roughly 25,000 fraudulent accounts were used to generate millions of exchanges between April and June to extract capabilities from its models. Alibaba has denied these allegations, even as the dispute intensifies according to reporting from Propakistani.

The technical nature of the ban highlights the unique risks associated with development agents that require deep access to local file systems. Because tools like Claude Code are designed to read, modify, and execute code across a user’s environment, the presence of undisclosed surveillance capabilities raised immediate alarms regarding data exfiltration and potential system sabotage. Cybersecurity observers in China, such as Huorong Security, noted that the use of such covert methods complicates regulatory compliance for firms operating under Chinese data security laws.

Timeline of Escalation

  • March: Anthropic introduces experimental tracking features into its software to curb unauthorized usage and model distillation.
  • 10 June: Anthropic formally accuses Alibaba-affiliated developers of mass model distillation in a letter to US legislators.
  • 30 June: Independent researchers publish findings detailing how obfuscated, steganographic code identifies users in China.
  • 1 July: Anthropic merges a pull request to remove the contested tracking mechanisms.
  • 10 July: Alibaba’s internal ban on Claude Code officially takes effect, mandating the use of Qoder.

By mandating the use of Qoder, Alibaba seeks to maintain oversight of its internal codebase while insulating its engineers from potential disruptions tied to foreign export controls or monitoring tools.

As noted by observers, the push by major Chinese tech companies to move employees toward domestic platforms is a direct response to the perceived instability of relying on foreign tools that may possess unknown or "hidden" operational capabilities. Whether this transition will be replicated by other firms remains a point of observation for stakeholders monitoring the developing rift between the two nations' AI ecosystems.

With Alibaba moving its internal operations fully toward its own ecosystem, the immediate next steps involve the firm’s continued rollout of its domestic Qoder suite, which is designed to satisfy local compliance standards.

Related stories