Alibaba Group Holding has prohibited its employees from using Anthropic’s AI coding tool, Claude Code, within its workplace, citing significant security concerns linked to the platform. The ban, which takes effect from July 10, follows revelations that Anthropic had embedded hidden code in Claude Code capable of tracking users based in China or those connected to Chinese AI institutions.

According to an internal notice reviewed recently, Alibaba designated Claude Code as high-risk software due to these backdoor vulnerabilities. The company’s decision responds to reports that the AI agent covertly collected user information, including time zone data and proxy usage, and transmitted it back to Anthropic without explicit consent. This practice was discovered earlier this month by security researchers who shared their findings across online platforms such as Reddit and GitHub.

Anthropic engineer Thariq Shihipar acknowledged the embedded tracking system on social media, describing it as an experimental measure introduced in March. The company defended the move, arguing it was intended to prevent account misuse by unauthorized resellers and to guard against “distillation,” a technique in which outputs from major AI models are used to train smaller models—a practice Anthropic has accused several Chinese firms, including Alibaba, of engaging in recently. Shihipar confirmed that the tracking code would be removed as part of the re-release of Claude Fable 5, a new iteration of the platform, and noted that stronger security measures had already been developed.

Industry experts and cybersecurity firms in China expressed concerns over the implications of Anthropic’s actions. Huang Yong, a Beijing-based IT developer, warned that the secret integration of monitoring code created potential backdoors in users’ systems, particularly since many developers run Claude Code with extensive access to local files. Huarong Security, a Chinese cybersecurity company, highlighted that the undisclosed data collection raised not only transparency issues but also regulatory concerns involving cross-border data compliance.

The incident has sparked widespread debate among developers and users, many of whom criticized the necessity of granting Claude Code broad permissions on their devices. Commentators noted the risk that such access, under the guise of a timezone check, could escalate into more harmful activities, including data theft or sabotage.

The controversy comes amid broader tensions surrounding U.S. export controls on advanced AI technologies. In June, the U.S. government imposed restrictions on Anthropic’s Mythos-powered Fable 5 model, barring its supply to foreign nationals over reported security vulnerabilities. After suspending the model temporarily to comply, Anthropic resumed access following the lifting of these controls last week.

Inside Alibaba, employees have reportedly been encouraged to use the company’s proprietary coding platform, Qoder, as an alternative, underscoring the strategic imperative for domestic AI development amid escalating U.S.-China technology rivalry.

Lizzi Lee, a fellow at the Asia Society Policy Institute’s Centre for China Analysis, noted that Alibaba’s move reflects broader challenges related to compliance, security, and technological sovereignty in the evolving AI landscape. She emphasized that if U.S.-based AI tools can identify and discriminate against Chinese users or their proxies, it is understandable why leading Chinese tech firms would restrict their internal adoption of such software.