Enterprise DNA

Omni by Enterprise DNA

Enterprise DNA Resources

Latest AI and industry news. Practical AI operating-system thinking for owners, operators, and teams doing real work.

220k+

Data professionals

Omni

AI agents and apps

Audit

Map the manual work

News Breaking AI News

Alibaba Bans Claude Code Over Hidden Tracking

Alibaba bans employees from Anthropic's Claude Code over a hidden monitoring feature, escalating a security standoff with enterprise AI implications.

Enterprise DNA | | via TechCrunch
Alibaba Bans Claude Code Over Hidden Tracking

Alibaba has banned its employees from using Anthropic’s Claude Code, effective July 10, citing security concerns over hidden monitoring code that Anthropic embedded in the tool to track China-based users. The ban was reported today by TechCrunch and The Information, and marks a sharp escalation in a dispute between the two companies that has been building for months.

Alibaba is directing staff to use its own in-house AI coding tool, Qoder, as a replacement.

The Hidden Code That Triggered the Ban

The proximate cause of the ban was code that Anthropic embedded in Claude Code to detect whether a user was operating from China or affiliated with a Chinese AI lab. The detection logic reportedly checked local computer time zones, proxy settings, and network names against a blacklist of Chinese AI institutions.

When a match was found, the code reportedly used steganography, making microscopic, invisible alterations to date formats or punctuation in generated text, as a covert tracking mechanism. Anthropic engineers later confirmed on social media that the text-alteration tracking was an experiment and has since been rolled back in favour of traditional infrastructure-level blocks. But the disclosure alarmed Alibaba enough to pull the product entirely.

This Did Not Come Out of Nowhere

The tracking code was Anthropic’s response to what it describes as the largest known AI distillation attack it has ever faced.

In a letter to US senators on June 10, 2026, Anthropic accused Alibaba’s Qwen AI lab of orchestrating a systematic attempt to extract Claude’s capabilities without paying for the research that produced them. Between April 22 and June 5, roughly 25,000 fraudulent accounts generated more than 28.8 million interactions with Claude. The goal, Anthropic said, was to train a competing model using Claude’s outputs.

These methods did not break US or Chinese law. But they did violate Anthropic’s terms of service, which bar Chinese companies and foreign entities under their control from using its models. Ant Financial had given staff corporate Claude accounts tied to a Singapore-based subsidiary. ByteDance reimbursed engineers for personal Claude subscriptions accessed via VPN. Others reached Claude through foreign-incorporated units running on Microsoft Azure.

The Financial Times reported on July 3 that Anthropic is now monitoring account signals, including computer time zones and usage patterns, and has extended its access restrictions to majority-owned subsidiaries of restricted entities. Identity verification using government-issued IDs and live selfies has been required for flagged accounts since April.

CEO Dario Amodei said earlier this year that the company had already forgone several hundred million dollars in revenue by cutting off Claude access for firms linked to the Chinese Communist Party.

What This Means for Business

If you are deploying AI coding tools across a team, this story raises three questions that matter regardless of which vendor you use.

What data does your AI tool collect, and where does it go? Claude Code is not unique in embedding telemetry. Most AI development tools collect usage data. The Alibaba situation is unusual only because the monitoring was covert and targeted a specific demographic. Enterprise buyers should ask vendors directly what signals are collected, what inference is run on those signals, and who has access to the results.

How dependent are you on a single AI tool? Alibaba is directing staff to Qoder, its in-house alternative. Not every organisation has that option. If you have standardised on Claude Code, Copilot, Cursor, or any other AI coding assistant, a sudden policy change, a security disclosure, or a geopolitical restriction can create real disruption. Having a tested fallback matters.

What does your AI vendor contract actually say? Anthropic’s terms of service prohibit access by Chinese companies and their subsidiaries. That is an unusual restriction for a software product. Enterprise contracts for AI tools increasingly include usage-monitoring provisions, data-handling clauses, and export control obligations that did not exist in traditional software agreements. Legal review of AI vendor contracts is not optional.

The deeper story here is not about Alibaba or Anthropic specifically. It is about what AI tool adoption looks like when the tools have become genuinely strategic assets, worth protecting through legal action, export controls, and embedded monitoring code.

For business leaders evaluating AI tools, the Alibaba situation is a useful reminder that choosing an AI vendor is not just a technology decision. It is a supply-chain, governance, and risk decision. The vendor’s interests, their regulatory environment, and their security posture all matter.

Want the practical version of this? The free Working With Claude field guide covers the full Claude ecosystem, Claude Code, and how to roll it out across a real business. Download it here.

Working With Claude field guide cover

Free Resource

Going deeper with Claude?

Get the free 32-page implementation guide for ANZ teams.

No spam. Unsubscribe any time.