Alibaba to ban Claude Code over alleged Chinese-targeted backdoor
Alibaba is blocking Anthropic's Claude Code over a covert detection mechanism, highlighting growing compliance risks for European firms using foreign AI tools.
Alibaba will bar its employees from using Anthropic’s Claude Code in the workplace starting July 10, according to a person familiar with the matter. The restriction follows allegations that the popular coding agent contained a hidden mechanism designed to identify and flag users connected to Chinese corporate networks.
The claims stem from a June 30 reverse-engineering analysis which found that since April 2, Claude Code had been checking user proxy configurations and system timezones against a concealed list of Chinese cloud regions and AI labs. That list reportedly included Alibaba, Baidu, ByteDance and Moonshot AI. Rather than sending an overt alert, the tool allegedly altered its own system prompt’s date format and punctuation to encode a match, functioning as a covert telemetry signal.
Anthropic has not issued a formal public statement on the allegation. A member of the Claude Code team, Thariq, reportedly stated on social media that the mechanism was intended to curb account reselling and model distillation, noting a fix was underway by July 1. The feature was live for roughly three months.
Trust implications for European tech
For European businesses, this dispute exposes the hidden compliance risks embedded in third-party AI infrastructure. The use of covert telemetry to fingerprint users raises immediate questions about data sovereignty, workplace privacy and enterprise security. If a leading US AI developer can quietly build geo-targeting detection into developer tools, European firms must reassess their procurement due diligence to ensure they are not inadvertently importing espionage risks or violating local privacy regulations.
The feud also accelerates the fragmentation of the global AI market. Anthropic has already tightened access to models like Claude Opus for Chinese users, while the broader industry is restricting coding agents over distillation fears. In a June 10 letter to US senators, Anthropic accused operators tied to Alibaba’s Qwen lab of running nearly 25,000 fraudulent accounts to extract Claude’s capabilities, generating over 28.8 million exchanges between April 22 and June 5.
If major technology groups continue to weaponize software dependencies against one another, European developers risk becoming collateral damage in a bifurcated market. Tool availability could increasingly depend on geopolitical alignment rather than technical merit. Neither Alibaba nor Anthropic has fully clarified their positions on the record as the July 10 deadline approaches, and no independent security firm has yet published a full audit of the alleged backdoor.