Alibaba has reportedly banned employees from using Anthropic’s Claude Code at work, escalating a growing dispute between the Chinese technology giant and the U.S. AI company over access restrictions, alleged backdoor risks and model-distillation concerns.
Employees Told to Use Qoder Instead
The reported ban is also pushing Alibaba employees toward the company’s own software tools.
Reuters reported that Alibaba employees were being told to use the company’s own coding platform, Qoder, according to a person familiar with the order.
The restriction may go beyond one coding assistant.
Tom’s Hardware reported that staff were allegedly told to uninstall all Anthropic products, including the Sonnet, Opus and Fable model families. Alibaba has reportedly classified Claude Code as high-risk software and is instructing employees to use Qoder instead.
China-Linked User Detection Sparks Concern
The controversy centers on claims that Claude Code could detect China-linked users. Developers said Claude Code contained mechanisms that inspected user environments, including timezone and proxy-related information, and inserted subtle markers into prompts sent to Anthropic’s servers.
The alleged detection logic checked whether a system timezone matched Asia/Shanghai or Asia/Urumqi and inspected proxy URLs against a hardcoded list of Chinese domains and AI lab identifiers, reportedly including Alibaba, Baidu, Ant Group and ByteDance. A Reddit post claimed some of Anthropic’s loophole-closing involved a version of Claude Code that could secretly identify Chinese users.
The technical concern is not only that detection happened, but how it allegedly happened. The tool allegedly encoded its findings steganographically by tweaking the date format and swapping a punctuation character in the system prompt sent back to Anthropic’s servers.
Anthropic Says It Was Fighting Abuse
Anthropic has framed the disputed mechanism as part of its effort to stop unauthorized access. An Anthropic employee wrote on X that the feature was “an experiment we launched in March” intended to prevent account abuse by unauthorized resellers and protect against model distillation.
Anthropic’s Thariq Shihipar said the experiment was meant to prevent account abuse from unauthorized resellers and protect against distillation. Shihipar said the team had been meaning to remove the code and that the pull request stripping it out was merged on July 1.
The dispute is tied to Anthropic’s broader restrictions on China.
TechCrunch reported that Anthropic already prohibits Chinese companies, as well as foreign entities owned by those companies, from using its models. Claude Code has become popular among programmers in China despite Anthropic’s restrictions on access by users and entities in China.
Distillation Fight Deepens the Rift
The ban also follows Anthropic’s claim that Alibaba was involved in a model-distillation effort. Anthropic accused Alibaba of illicitly extracting Claude AI model capabilities through a “distillation” effort, which involves training a less capable model on the outputs of a stronger one. Anthropic accused operators affiliated with Alibaba’s Qwen lab of using nearly 25,000 fraudulent accounts to generate 28.8 million exchanges with Claude between April 22 and June 5.
The result is a workplace software ban that reflects a much larger AI conflict. Alibaba’s reported move shows how companies caught between U.S. model restrictions and Chinese security concerns may increasingly favor domestic AI tools. For Anthropic, the issue highlights the difficulty of stopping unauthorized access without triggering backlash over surveillance, trust and transparency.