Alibaba bans employees from using Anthropic’s Claude Code over security risks
The Chinese tech giant is forcing staff onto its own coding platform amid escalating accusations of backdoors, distillation attacks, and a deepening US-China AI cold war.
Alibaba has ordered its employees to stop using Anthropic’s Claude Code, citing security vulnerabilities that allegedly include embedded backdoors capable of identifying users linked to China. The ban takes effect July 10, 2026, and staff must uninstall all Claude products and migrate to Alibaba’s proprietary coding platform, Qoder.
The directive doesn’t exist in a vacuum. It arrives in the middle of a genuinely messy feud between two of the world’s most important AI companies, one that now involves US senators, the White House, and accusations of industrial-scale model theft.
A feud that escalated fast
In late June 2026, Anthropic accused Alibaba’s Qwen AI lab of orchestrating what it called an “adversarial distillation” attack. Anthropic claims Qwen used 25,000 fraudulent accounts to systematically extract knowledge from Claude’s most advanced models.
The alleged attack generated 28.8 million interactions with Claude models over the span of just a few weeks, running from roughly April through June 2026.
Anthropic took the allegations seriously enough to notify US senators and White House officials around June 24, 2026. The company has long blocked commercial access to its models in China, which makes the alleged use of fraudulent accounts to circumvent those restrictions particularly pointed.
Alibaba, for its part, has responded not with a denial but with a ban. The framing from Alibaba’s side focuses on security risks in Claude Code itself, specifically the claim that the software contains mechanisms to flag users associated with China.
The story was originally reported by Chinese outlet Yicai and subsequently confirmed by international news agencies including Reuters.
What this means for investors
Anthropic already couldn’t sell commercially in China. Now its free or semi-accessible tools are being actively purged from one of the country’s biggest employers.
Alibaba’s bet on Qoder deserves scrutiny. Forcing tens of thousands of developers onto a proprietary platform is a fast way to generate usage data and surface bugs, but it’s also a fast way to frustrate engineers who preferred the incumbent tool.
The distillation attack accusations raise uncomfortable questions about model security across the industry. If 25,000 fake accounts can generate 28.8 million interactions before detection, that’s a vulnerability that extends well beyond the Anthropic-Alibaba dynamic.
The wildcard to watch is regulatory escalation. Anthropic’s decision to brief US lawmakers suggests the company is angling for a policy response, potentially export controls, sanctions, or formal investigations targeting Alibaba’s Qwen lab.