Alibaba will bar employees from using Anthropic’s Claude Code starting July 10, according to an internal notice seen by the South China Morning Post and a source cited by Reuters, after researchers found the coding agent had spent three months silently fingerprinting users tied to Chinese corporate networks and AI labs.

The internal memo is unusually blunt. “As Claude Code was recently discovered to carry back-door risks, after comprehensive evaluation, Claude Code has now been added to a list of high-risk software with security vulnerabilities,” it reads. Staff are being pointed toward Qoder, Alibaba’s in-house coding agent, as a substitute.

The technical story surfaced on Reddit. On June 30, a user posting as LegitMichel777 published a reverse-engineering write-up showing that Claude Code version 2.1.91, shipped on April 2, had been checking users’ proxy configuration and system timezone against a hidden list of Chinese cloud regions, corporate networks, and AI labs. Results were encoded back into the system prompt using steganography: invisible Unicode markers, swapped date-format separators, with portions of the domain list obfuscated through XOR and base64. A pull request removing the mechanism was merged on July 1.

Anthropic’s framing is narrower. Thariq Shihipar, an engineer on the Claude Code team, described the code on X as “an experiment we launched in March that was meant to prevent account abuse from unauthorized resellers and protect against distillation.” The Register notes Anthropic hasn’t said whether the fingerprinting was disclosed in its terms of service.

Context matters here. On June 10, Anthropic wrote to the U.S. Senate Banking Committee alleging that operators tied to Alibaba’s Qwen lab ran roughly 25,000 fraudulent accounts generating 28.8 million exchanges between April and June. Alibaba denies it. No independent audit of the tracking code has been published.

Two firms accusing each other of covert conduct, with the artifacts of that conduct now sitting in a public git history: the U.S.–China AI decoupling isn’t a policy forecast anymore, it’s a codebase.

Sources