Alibaba Bans Claude Code After Reverse Engineers Find User-Detection Code in April Release

Effective July 10, Alibaba staff must delete all Claude models and switch to Qoder - three days after Anthropic confirmed the detection mechanism existed and said engineers had already removed it.

Saganote
Saganote ·
3 Min Read

Alibaba is telling all employees to stop using Claude Code by July 10, The Information first reported Thursday. Staff must delete all Claude models. Three days before that announcement went public, a Reddit user published a reverse-engineering analysis of Claude Code v2.1.91, the April 2026 release, claiming the tool contained code that flagged users located in China or affiliated with a Chinese AI lab. Anthropic confirmed the code existed, said engineers had already removed it, and characterized it as an experiment against account abuse rather than user surveillance.

Anthropic Confirmed the Code but Called It an Anti-Abuse Experiment

Anthropic engineer Thariq Shihipar addressed the Reddit findings in a post on X. He described the mechanism as "an experiment we launched in March that was meant to prevent account abuse from unauthorized resellers and protect against distillation." Stronger protections replaced it, he said. A pull request removing the code from Claude Code merged on July 1, before Alibaba's ban became public.

Framing the mechanism as anti-abuse tooling put Anthropic in a defensible position. Both descriptions refer to the same code. Reddit users who reverse-engineered Claude Code v2.1.91 described it in starker terms than Shihipar did - the pull request that removed it merged on July 1, four days before Alibaba's announcement. Whether that distinction matters depends on which side of the Pacific you ask.

Alibaba Classified Claude Code as High-Risk Software

Employees received an internal directive classifying Claude Code as high-risk software containing security vulnerabilities. July 10 is the cutoff date. Anthropic's terms of service already prohibited Chinese companies - including foreign entities owned by Chinese companies - from using its models. That detection mechanism, however Anthropic characterized it, gave Alibaba concrete grounds for an exit that Anthropic's own policy had already required.

Distillation Accusations Ran Alongside the Access Fight

Anthropic previously accused Alibaba, DeepSeek, Moonshot AI, and MiniMax of using Claude outputs to train competing models. Alibaba has not publicly responded to those accusations. Roughly 25,000 fraudulent accounts and 28 million API interactions between April and June: Anthropic framed that as the scale of one distillation campaign. Chinese companies including Ant Financial and ByteDance have reportedly worked around Anthropic's terms through overseas subsidiaries in Singapore and VPNs, according to the Financial Times. Developers weighing AI coding assistants now face access decisions shaped as much by corporate affiliation as by what the tool can actually do.

Qoder is the mandated alternative. No third-party API, no export control exposure. SpaceX's $60 billion acquisition of Cursor showed how valuable AI coding tools have become to large tech organizations - Alibaba's move suggests access to those tools is now as much a geopolitical question as a technical one. Anthropic has not disclosed what those stronger mitigations are, and the Chinese companies that reportedly continued using Claude through workarounds have not confirmed they have stopped.


Share this
Saganote

About Author

Saganote

Saganote is an independent technology publication covering artificial intelligence, startups, cybersecurity, consumer technology, science, and innovation. Our editorial team reports on the companies, products, and ideas shaping the future.