China’s Alibaba will ban employees from using Anthropic’s Claude Code programming tool starting July 10, according to multiple reports from Reuters and the Dow Jones newswire. The company has classified Claude Code as “high-risk software” and is directing staff to use its own Qoder coding tool instead.
🔍 THE BOTTOM LINE: The ban is the commercial consequence of a covert experiment Anthropic ran in March — a version of Claude Code that secretly identified Chinese users to prevent account abuse and distillation. When that experiment was exposed, it confirmed exactly the kind of backdoor access that Chinese companies fear from US AI tools. Alibaba’s response is both a security decision and a commercial one: Qoder gets a captive user base overnight.
What Happened: The Claude Code User-Identification Experiment
Anthropic already prohibits Chinese companies — and foreign entities owned by Chinese companies — from using its models. The company has been working to close loopholes that allow Chinese users to access Claude through intermediaries and resellers.
According to a Reddit post that surfaced recently, part of that loophole-closing effort involved a version of Claude Code that could secretly identify Chinese users. Anthropic’s Thariq Shihipar confirmed the existence of the experiment in a post on X, describing it as “an experiment we launched in March that was meant to prevent account abuse from unauthorized resellers and protect against distillation.”
Distillation is the practice of training AI models on the outputs of other, more capable models — effectively extracting the intelligence from a frontier model without paying for it. For Anthropic, which has invested billions in training Claude, unauthorized distillation from Chinese resellers is both a commercial and a strategic threat.
“The team has landed stronger mitigations since then and we’ve actually been meaning to take this down for a while,” Shihipar said. In other words: the covert identification feature was always supposed to be temporary, but it ran long enough to be discovered.
Why Alibaba Is Banning It
Alibaba’s decision to classify Claude Code as high-risk software is the direct consequence of that discovery. If Claude Code can secretly identify users by geography, it can also collect other telemetry — code patterns, project names, API usage — that a company like Alibaba considers sensitive. For a Chinese tech giant building competing AI models (Alibaba’s Qwen series is one of the most capable open-weight model families), sending code through a US competitor’s tool that has demonstrated covert tracking capabilities is an unacceptable risk.
The ban takes effect July 10. Employees are being directed to use Qoder, Alibaba’s own AI coding assistant. This is not just a security decision — it’s a commercial one. Alibaba’s internal Qoder deployment instantly gains thousands of captive developer users who were previously on Claude Code.
The Broader Pattern: AI Tools as Intelligence Surface
The Alibaba ban fits a broader pattern that has been accelerating through 2026: AI coding tools are becoming an intelligence collection surface, and companies are waking up to the implications.
- In June, security researchers broke into Claude Cowork’s sandbox, revealing that Anthropic’s agentic coding environments have exploitable attack surfaces.
- Also in June, Anthropic was caught hiding tracking markers inside Claude Code — steganographic watermarks embedded in generated code that could identify the model that produced it.
- The Claude Code GitHub Actions supply chain vulnerability demonstrated how AI-generated code pipelines can become attack vectors.
Each of these stories individually was a security note. Together, they describe a tool that collects metadata about its users, embeds identifying markers in its output, and has a sandbox that can be exploited. For a Chinese company, that is three separate reasons to ban it.
The Export Control Backdrop
The Alibaba ban also comes against the backdrop of US export controls on AI models, which were imposed and then partially lifted in an 18-day standoff in late June. The controls were designed to prevent frontier models from being accessed by Chinese entities — and Anthropic was one of the companies most affected.
The export control regime created the conditions for the Claude Code user-identification experiment. Anthropic needed to demonstrate compliance — to show it was taking reasonable steps to prevent unauthorized Chinese access. The covert identification feature was a compliance tool that became a security liability when it was discovered.
For Alibaba, the export controls and the covert tracking experiment are two sides of the same coin. The US government says Chinese companies shouldn’t use American AI models. Anthropic built a tool to enforce that. The result is that Chinese companies now have both a regulatory and a security reason to stop using Claude Code — and the sovereign AI argument for building domestic alternatives gets another data point.
What Qoder Actually Is
Alibaba’s Qoder is the company’s internal AI coding assistant, built on its Qwen model family. The Qwen models are open-weight, which means Alibaba controls the entire stack — model weights, inference infrastructure, and the coding tool layer. Qoder is not a Claude Code clone; it’s a domestic alternative that Alibaba has been developing in parallel with its model programme.
The ban forces Alibaba developers to migrate from a US tool with proven covert tracking capabilities to a domestic tool where Alibaba controls the data flow. For developers, the transition may be bumpy — Claude Code has been the dominant AI coding tool for enterprise use, and its capabilities are well-established. Qoder is newer and less proven at scale.
NZ Angle
New Zealand developers using Claude Code should note that the covert user-identification experiment was not specific to Chinese users — it was a geographic filtering mechanism that could, in principle, be applied to any region. Anthropic disclosed the experiment after it was discovered, not proactively. The lesson is that AI coding tools can embed telemetry and tracking that users are not informed about, and that the companies operating these tools may run compliance experiments that collect metadata about their users without notice.
For NZ companies evaluating AI coding tools, the Alibaba ban is a case study in how seriously major enterprises take this risk — and a reminder that open-weight alternatives exist for those who want full control over their data flow.
❓ FAQ
Why did Alibaba ban Claude Code? Alibaba classified it as high-risk software after Anthropic was discovered running a covert experiment that secretly identified Chinese users. The experiment was designed to prevent account abuse and distillation, but it confirmed Claude Code could collect geographic metadata without user knowledge.
When does the ban take effect? July 10, 2026. Employees are being directed to use Alibaba’s own Qoder coding assistant.
Was Anthropic’s tracking experiment legal? Anthropic disclosed it after discovery and said it was meant to be temporary. The company said stronger mitigations have since been deployed. Whether it violated any specific law depends on jurisdiction — but it was not disclosed to users at the time.
Is Qoder a real alternative to Claude Code? Qoder is built on Alibaba’s Qwen model family, which is one of the most capable open-weight model families. It is newer and less battle-tested than Claude Code at enterprise scale, but the ban gives it a captive internal user base to develop against.
Does this affect New Zealand developers? NZ developers using Claude Code were not specifically targeted by the user-identification experiment, which was focused on Chinese users. However, the experiment demonstrates that AI coding tools can embed undisclosed telemetry, and the geographic filtering mechanism could in principle be applied to any region.
🔍 THE BOTTOM LINE
Alibaba’s ban on Claude Code is the downstream consequence of Anthropic’s own covert user-identification experiment. When a US AI company builds a tool that secretly tracks Chinese users, and a Chinese tech giant discovers it, the result is a ban that simultaneously addresses a real security concern and hands a captive developer user base to a domestic alternative. The export control regime created the conditions for the experiment, the experiment created the conditions for the ban, and the ban accelerates the fragmentation of the global AI tooling market along geopolitical lines. Companies using AI coding tools from any provider should assume that metadata collection is possible and evaluate their risk accordingly.