Home/anthropic/Alibaba Restricts Anthropic Tools Internally Following Discoveries of Hidden User Tracking and Distillation Claims
A detailed pencil sketch of a magnifying glass hovering over a block of computer code on a vintage monitor, highlighting a single apostrophe that unravels into tiny, hand-drawn Chinese timezone names and proxy server addresses written in the margins. No text, no logos.
AnthropicPublished 7 July 20262 min read

Alibaba Restricts Anthropic Tools Internally Following Discoveries of Hidden User Tracking and Distillation Claims

Alibaba Mandates Complete Uninstall of Claude Code

Chinese e-commerce and technology conglomerate Alibaba Group is prohibiting its workforce from utilizing Anthropic artificial intelligence tools for business operations, effective July 10, 2026. The internal policy directive places Anthropic's AI-powered coding agent, Claude Code, on a list of high-risk software containing severe security vulnerabilities. According to internal notices, Alibaba cited backdoor security risks as the primary driver for the restriction. Employees are instructed to uninstall all Anthropic models and autonomous agent products immediately, transitioning instead to Qoder, Alibaba's proprietary AI coding assistant platform.

How Hidden Tracking Triggered the Security Alarm

The restriction follows a public backlash on platforms like GitHub and Reddit after security researchers exposed hidden tracking mechanisms embedded within Claude Code. On June 30, 2026, a Reddit developer operating under the username LegitMichel777 reverse-engineered the software and found obfuscated detection code. This tracking code had been quietly active since version 2.1.91, which Anthropic deployed on April 2, 2026, without documenting the changes in its public release notes.

The embedded code scanned user environments to identify if they were operating within China. Specifically, it checked if system timezones were set to Asia/Shanghai or Asia/Urumqi, and cross-referenced proxy server URLs against a hardcoded index of Chinese domains and artificial intelligence laboratory addresses. Rather than transmitting this data through conventional logs, the software employed steganography to conceal the signals within the system prompts returned to Anthropic servers. If a Chinese timezone was detected, the system altered the system prompt by changing date dividers from dashes to slashes and replacing the apostrophe in the phrase Today's date is with one of three visually identical but technically unique Unicode characters. While human developers and the AI models could not easily detect these changes, they remained fully parseable by Anthropic's receiving infrastructure. Anthropic subsequently acknowledged the mechanism, describing it as an experiment.

An Escalating Battle of Intellectual Property and Access

This technical retaliation highlights an escalating conflict between the two technology giants. In June 2026, Anthropic sent a formal letter to the United States Senate Committee on Banking, Housing, and Urban Affairs, accusing Alibaba of brazenly and illicitly harvesting its AI capabilities. Anthropic characterized the incident as the largest known distillation attack on its Claude models to date, alleging that the Chinese firm systematically extracted model capabilities to train its own systems. Under Anthropic's established terms of service, entities in China and other designated adversarial nations are strictly prohibited from accessing its models. Despite these geographic restrictions, Chinese companies have continuously found methods to bypass access controls, leading to Anthropic's tracking initiatives.

Whether Western AI developers can successfully wall off their proprietary models through invisible digital checkpoints remains highly doubtful given the persistent global demand for state-of-the-art weights.

#anthropic#ai#blended#auto

This digest was compiled from:

Share this digest

Share on XWhatsAppLinkedInTelegram

People Also Ask

Share your thoughts

Reactions, corrections, or insights — all welcome.

0/2000