Alibaba has ordered all its employees to uninstall all Anthropic products from their machines after determining through an internal security audit that the AI coding assistant, Claude Code, has potential embedded backdoor risks. The ban will eliminate one of Alibaba’s most widely used external AI applications from within the Chinese technology juggernaut and signifies a significant escalation in the fracturing of global AI supply chains.
This directive reportedly prohibits the entire Anthropic product line, including its Sonnet, Opus, and Fable model families. A source close to the matter confirmed the ban to Reuters. Employees at Alibaba will be prohibited from using the Claude Coding Assistant in their workplace after July 10 due to the suspected embedded backdoor risks.

The new policy is a change of direction from a prior initiative from the company, which had been previously encouraging staff to use publicly available AI tools. Since early 2026, Alibaba began allowing its engineers flexible financing towards the use of third-party AI tools such as Claude Code, Generative Pre-trained Transformer (GPT), and/or Gemini. This change in policy means that Alibaba will not allow its engineers to be reimbursed for their use of outside AI tools.
Employees were reportedly able to claim as much as $1400 (approximately RMB 10,000) per month in reimbursement for their usage of the outside tools, and engineering teams reported that many engineers took advantage of the program. Developers who focused primarily on Claude Code and other similar services reportedly spent up to several hundred dollars per week prior to making claims against the Alibaba program.
Many software engineers took advantage of the program by using Claude Code as well as competing companies’ products, such as OpenAI’s Codex and Alibaba’s own Qoder agent.
Employees have now lost their option of utilizing Anthropic’s products. The restriction comes after an extended period of growing tension between Anthropic and Chinese AI users.
In a letter sent to Senators Tim Scott and Elizabeth Warren dated June 10, reviewed by Reuters, Anthropic detailed the activities of Alibaba-affiliated operators who generated more than 28.8 million interactions with Claude through approximately 25,000 fraudulently created accounts from April 22 to June 5, which Anthropic described as the largest data extraction operation they had discovered. Additionally, the company alleged that this activity was an attempt to accelerate the development of rival AI systems by using model distillation.
Alibaba is separately challenging its inclusion on the Pentagon’s Section 1260H list of companies the U.S. Defense Department says are linked to the Chinese military, filing a lawsuit in the U.S. District Court for the Northern District of California (San Jose) on June 23.
Anthropic has previously made similar allegations against DeepSeek, Moonshot AI, and MiniMax and utilized similar verbiage when discussing these firms engaging in industrial-scale extraction-related activity. The pattern of allegations and accusations has coincided with Anthropic’s tightening of access: in late June and early July, the company suspended accounts of many Chinese users who had accounts under both personal and team plans, according to Zhidx. Accounts in violation of their terms of service were not refunded and success rates in appeals were described as extremely low.
Aside from the arguments regarding the distillation process, developers who reverse-engineered Claude Code said that all of the versions released from April 2026 and beyond contained code that could determine the local timezone and check the API or proxy configuration against keywords for both Chinese cloud providers and AI companies, according to Zhidx.
The allegations about this code in the Claude Code gained broader attention as a result of recent reports from Reuters about Alibaba’s concerns over possible “embedded backdoor risk” within their applications. However, Reuters has made clear that no detailed technical information from Alibaba has been officially released to the public.
Similarly, The Next Web reported that developers looking at the Claude Code had found a number of code paths identified as inspecting local configuration information (e.g., timezone settings, API/proxy configuration settings), but later Anthropic developers indicated that part of the functionality had been identified as ‘experimental’ and not maliciously created. In addition, both publications write that the exact intent and resulting security risks associated with determining timezone, API/proxy, etc. are debatable; neither publication could provide an independent third-party confirmation of any intentional backdoor.
These findings appear to have been the direct trigger for Alibaba’s security assessment.
The ban removes Anthropic from one of its largest potential enterprise environments in Asia. Alibaba Cloud is one of the world’s biggest cloud platforms, and the company’s AI workforce spans thousands of engineers working on its Qwen model family, cloud infrastructure, and AI-powered commerce tools.
The split also fits a wider pattern. JPMorgan Chase and Goldman Sachs have both restricted staff access to Anthropic models in Hong Kong. Anthropic itself has blocked foreign nationals from accessing its most advanced models under US export-control rules.
For Alibaba, the move consolidates its reliance on domestic AI tools, particularly its own Qwen models, which Chairman Joe Tsai recently called one of the world’s most popular open-source model families while laying out a vision for AI as a $50 trillion market opportunity.
The result is an AI market splitting faster along national lines, with security allegations on both sides accelerating the divide.
If you're reading this, you’re already ahead. Stay there with our newsletter.


