Notification

×

Iklan

Iklan

Alibaba Prohibits Staff from Using Claude Code Amid Spyware Fears

Monday, July 6, 2026 | 12:41 PM (GMT-04.00) Last Updated 2026-07-06T16:45:48Z
    Share
Alibaba Prohibits Staff from Using Claude Code Amid Spyware Fears

Alibaba Bans Claude Code Over Security Concerns

Alibaba Group Holding has placed Anthropic's Claude Code on a list of high-risk software, citing security risks linked to the US artificial intelligence company's use of hidden code to track Chinese users. This decision has led to widespread backlash in recent days.

In an internal notice seen by the South China Morning Post, Alibaba stated that after a comprehensive evaluation, Claude Code had been added to a list of high-risk software with security vulnerabilities. The company announced that all staff members would be prohibited from using Claude Code in the office starting from July 10.

The company was referring to Anthropic's earlier move to embed code in its Claude Code coding agent platform that could secretly track whether a user was based in China or affiliated with a Chinese AI lab, according to people familiar with the matter.

Anthropic's covert practice was discovered earlier this week by security researchers, who posted their findings on platforms including Reddit and GitHub. According to a report by cybersecurity-focused outlet International Cyber Digest, Claude Code was accused of logging information about certain users - including whether they were using proxies or located in Chinese time zones - and hiding such data in messages sent back to Anthropic.

Responding to an X post by the outlet that called the tracking code "a serious breach of user trust", Anthropic engineer Thariq Shihipar said on Wednesday that it was "an experiment" launched by the company in March. He said the move was designed to "prevent account abuse from unauthorised resellers and protect against distillation" - a common practice in the AI industry that uses outputs from large AI models to train smaller ones.

Anthropic, a vocal advocate for measures to contain China's AI development, has repeatedly accused a number of Chinese companies including Alibaba of distillation in recent months. Shihipar said the tracking system would be rolled back on Thursday as part of a broader re-release of Claude Fable 5, while confirming the company had been "meaning to take this down for a while" as it had since created "stronger mitigations".

Huang Yong, a Beijing-based IT developer, warned that Anthropic's use of secret code had created severe security risks. As many developers had used Claude Code on their laptops to read and modify local files, the company's decision to "stealthily" insert code into the platform had effectively created back doors to their computers, he said.

Huorong Security, a Chinese cybersecurity firm, added that Anthropic's eavesdropping on its users was not only a transparency issue, but also raised cross-border data compliance concerns.

The story has also sparked heated debate online, with many users on Reddit pointing out that the need to grant Claude Code full access to their computers left developers highly vulnerable. "Today it's a timezone check. Tomorrow, it could be system sabotage or data exfiltration," one user said.

Washington last month imposed export controls on Fable 5 - the public version of Anthropic's most powerful model, Mythos - ordering the US company to stop supplying it to foreign nationals due to vulnerabilities reported by Amazon researchers. Anthropic disabled the model for all users to comply with the directive, before restoring access on Thursday as the US government lifted the controls. The San Francisco-based start-up said it would partner with the US government on frontier AI security.

Alibaba's ban of Claude Code from the workplace comes as China's AI industry strives to reduce its reliance on US solutions while competing fiercely for frontier capabilities.

Alibaba recommended employees to use its own coding agent platform, Qoder, as a substitute for Claude Code, people familiar with the matter said.

Anthropic's models and platforms have long been officially inaccessible in China, but they remain popular in the country due to their advanced capabilities, with domestic developers routinely finding workarounds to maintain access.

Alibaba's move showed the compliance and security complications of the US-China AI battlefield, which has moved beyond technology to access control and tech sovereignty issues, said Lizzi Lee, a fellow on the Chinese economy at the Asia Society Policy Institute's Centre for China Analysis.

"If a US AI coding tool can detect Chinese usage or proxy access, then it's not surprising for major Chinese tech companies to not want employees using it internally," she said.

Chinese firms are also concerned that reliance on US tools creates legal, security and operational vulnerabilities, Lee added.

No comments:

Post a Comment

×
Latest news Update