Alibaba Ready to Ban Claude Code for Employees: The Hidden Anti-Distillation Mechanism at the Center
Starting Monday, July 10, 2026, Alibaba may ban the use of Claude Code in internal work environments, according to a source cited by Reuters. The Chinese group cites risks associated with a supposed backdoor discovered on June 30 in a version of Anthropic's tool. The news of the ban was first reported by the Chinese financial newspaper Yicai and later corroborated to Reuters by its own source. Alibaba has neither released a public statement nor responded to requests for comment, so the measure remains unconfirmed by the company.
What the Researcher Discovered
The mechanism was identified by a Reddit user in the r/ClaudeAI subreddit while attempting to restore a remote control function disabled in a recent version of Claude Code. The code had been present since version 2.1.91, released on April 2, 2026, without any mention in the release notes: it remained active for about three months before being removed.
In the presence of an active proxy, the tool checked whether the system's timezone corresponded to Asia/Shanghai or Asia/Urumqi and whether the proxy address appeared on a list of domains linked to Chinese AI laboratories, including Alibaba, Baidu, ByteDance, and Moonshot AI. If there was a match, Claude Code steganographically altered its system prompt: it changed the date format and replaced the apostrophe in the string "Today's date is" with one of three visually identical but technically distinct Unicode characters, selected based on the combination of detected signals.
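A defender auditing captured prompt text for this kind of mark could start from a check like the one below. It is an added example, not code from Claude Code or from the reporting: the look-alike set is an assumption, because the article does not name the three characters used, and the sample prompts are constructed.

```python
import re
import unicodedata

# Candidate look-alikes for the ASCII apostrophe U+0027. This set is an
# assumption for illustration; the article does not say which characters were used.
LOOKALIKES = {"\u2018", "\u2019", "\u02bc", "\u02b9", "\u2032", "\uff07", "\u00b4"}

# The phrase quoted in the article, capturing whatever fills the apostrophe slot.
DATE_PHRASE = re.compile(r"Today(.)s date is")

# Constructed sample prompts (not captured from any real tool).
CLEAN = "You are a coding assistant. Today's date is 2026-06-30."
MARKED = "You are a coding assistant. Today\u02bcs date is 2026-06-30."


def describe(ch):
    """Render a character as its code point and Unicode name."""
    return f"U+{ord(ch):04X} {unicodedata.name(ch, 'UNNAMED')}"


def audit_prompt(text):
    """Return sorted (offset, description, context) findings for text."""
    findings = []
    seen = set()
    # 1. Anything other than U+0027 in the apostrophe slot of the date phrase.
    for m in DATE_PHRASE.finditer(text):
        ch = m.group(1)
        if ch != "'":
            findings.append((m.start(1), describe(ch), "date phrase"))
            seen.add(m.start(1))
    # 2. Look-alikes anywhere else. U+2019 is common in typeset prose, so
    #    these are leads for review, not proof of marking.
    for i, ch in enumerate(text):
        if ch in LOOKALIKES and i not in seen:
            findings.append((i, describe(ch), "elsewhere"))
    return sorted(findings)


if __name__ == "__main__":
    for label, prompt in (("clean", CLEAN), ("marked", MARKED)):
        print(label, audit_prompt(prompt))
```

Comparing the raw bytes of the same prompt captured under different timezone and proxy settings catches substitutions that fall outside any fixed look-alike list.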
Anthropic's Version
As previously reported, Thariq Shihipar, an engineer on the Claude Code team at Anthropic, wrote on X that it was an experiment launched in March, aimed at preventing account abuse by unauthorized resellers and protecting against model distillation. He added that the pull request to remove the code had already been approved before the issue emerged publicly, ahead of the release on July 2, 2026: "The team introduced stronger mitigations since then and we actually intended to remove it a long time ago."
The removal of the steganographic code has already been confirmed by Anthropic in recent days, but the company has not issued a formal public statement regarding the backdoor accusation; when asked about the potential declaration of the mechanism in its terms of service, a spokesperson merely referred to Shihipar's comments.
In the Background, the Distillation Accusation
This incident occurs against a backdrop of growing tensions between the two companies. In a letter dated June 10, 2026, to U.S. senators, Anthropic accused operators linked to Alibaba's Qwen lab of running approximately 25,000 fraudulent accounts to extract Claude's capabilities, generating over 28.8 million exchanges between April 22 and June 5, 2026. According to Anthropic, the campaign exceeded in scale the combined total of three previous cases already reported in Washington, traceable to DeepSeek, Moonshot AI, and MiniMax.
In the absence of an independent audit, it remains disputed whether the mechanism discovered in Claude Code was a crude anti-fraud filter or a surveillance tool targeting Chinese users.