中文
← Back to news
ToolsJul 3, 2026

Alibaba Bans Claude Code Internally After Covert Detection of Chinese Users Exposed

On July 3, 2025, Alibaba issued an internal notice banning all Anthropic products, including Claude Sonnet, Opus, Fable models and Claude Code, requiring employees to uninstall by July 10. The alternative is Alibaba's self-developed Qoder.

Background

  • Earlier this year, Alibaba encouraged employees to use external AI tools with generous reimbursement, covering Claude, GPT, Gemini, etc.
  • On June 10, Anthropic wrote to the U.S. Senate Banking Committee, accusing Alibaba of using about 25,000 fake accounts to interact with Claude over 28 million times between April 22 and June 5, labeling it an "industrial-scale model distillation attack" and elevating it to national security.
  • In late June, many Chinese users had their Anthropic accounts banned, including personal subscriptions and team accounts, with paid accounts not refunded and appeals difficult.

Key Detail: Claude Code's Covert Detection Mechanism

  • On June 30, Reddit user LegitMichel777 reverse-engineered Claude Code and found that since version 2.1.91 released on April 2, it had a built-in covert user detection mechanism.
  • The mechanism works in three steps:
    • Reads system timezone (e.g., Asia/Shanghai or Asia/Urumqi), checks proxy addresses or custom APIs for 147 Chinese cloud and AI company domains (e.g., Alibaba, ByteDance, Baidu, Moonshot AI, MiniMax).
    • If triggered, no popup appears; instead, it modifies the system prompt's date format (e.g., changes "2026-06-30" to "2026/06/30") and replaces the apostrophe in "Today's date is" with different Unicode characters (right single quotation mark, modifier letter apostrophe, modifier letter turned comma) corresponding to different hit states.
    • The modified prompt is sent back to Anthropic servers with normal requests, forming an environment fingerprint.
  • The core code logic is obfuscated, with 147 domains encrypted and no mention in version changelogs.

Reactions and Impact

  • On July 2, Claude Code team member Thariq Shihipar acknowledged the measure as an "experimental" feature launched in March to prevent account resale and model distillation, and claimed it was rolled back in the same day's new version.
  • On July 3, Alibaba responded the next day by issuing the ban, classifying Claude Code as a security risk with implanted backdoors, adding it to the high-risk software list.
  • This move marks a shift in China's top tech companies' attitude towards relying on external closed-source tools, from "borrowing" to "security first."

Also available in 中文.