Particle.news

Alibaba Bans Anthropic’s Claude Code for Workplace Use

Revelations that Claude Code included an experimental client-side detector flagging China-linked users prompted Alibaba’s workplace ban.

Overview

  • Alibaba told staff to stop using Claude Code for work starting July 10 and added the tool to a high-risk software list while directing employees to adopt its internal coding agent Qoder.
  • Security researchers and a Reddit reverse-engineer reported that Claude Code ran obfuscated checks of time zone, proxy status and hardcoded China-linked identifiers and then encoded that classification back to Anthropic inside prompts.
  • Anthropic said the detector was an anti-abuse experiment launched in March to combat account abuse and large-scale model distillation and that the client-side code was removed when a pull request was merged on July 1.
  • Anthropic has accused operators tied to Alibaba’s Qwen lab of running an industrial-scale distillation campaign using roughly 25,000 fraudulent accounts that produced about 28.8 million exchanges with Claude between April 22 and June 5.
  • The episode raises new enterprise security and supply-chain concerns because coding agents run next to local source code and secrets, and it could accelerate corporate moves toward auditable, domestic AI tools and tighter export or access controls.