Skip to content

164news.com

  • Home
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms of Service
  • Cookie Policy

Alibaba bans Claude Code after Anthropic is caught tracking Chinese users with hidden code

Posted on July 3, 2026 By 164news66 No Comments on Alibaba bans Claude Code after Anthropic is caught tracking Chinese users with hidden code

Alibaba Bans Claude Code Over Hidden Chinese User Tracking

Security researchers found steganographic markers inside the AI coding tool that flagged users in Chinese time zones, and Anthropic called it an experiment.

July 3, 2026 – 7:25 pm

Image by: WTO / Flickr

TL;DR

Alibaba has banned its employees from using Claude Code, Anthropic’s AI-powered coding agent, after security researchers discovered that the tool contained hidden code designed to identify Chinese users. The ban follows weeks of escalating conflict between the two companies over allegations that Alibaba stole Anthropic’s AI capabilities through industrial-scale distillation.

"As Claude Code was recently discovered to carry back-door risks, after comprehensive evaluation… Claude Code has now been added to a list of high-risk software with security vulnerabilities," Alibaba said in an internal notice reported by the South China Morning Post. The company recommended employees use Qoder, its own coding agent platform, as a substitute.

How the Tracking Worked

A Reddit user identified as LegitMichel777 reverse-engineered Claude Code on 30 June and found obfuscated code that had been silently present since version 2.1.91, released on 2 April, with no mention in the release notes. The code checked whether a user’s system timezone was set to Asia/Shanghai or Asia/Urumqi and scanned proxy URLs against a hardcoded list of Chinese domains and AI lab addresses.

Rather than logging the results conventionally, the system used steganography to hide its signals in the system prompt sent back to Anthropic’s servers. If the timezone was Chinese, the date format changed from dashes to slashes, and the apostrophe in “Today’s date is” was swapped with one of three visually identical but technically distinct Unicode characters depending on which flags were triggered.

The alterations are invisible to human users and potentially even to the AI model itself, but they are machine-parseable by Anthropic’s servers. Portions of the detection code were XOR-obfuscated with the key 91, a technique used to prevent plain-text extraction during code analysis.

Anthropic’s Response

Thariq Shihipar, an Anthropic engineer on the Claude Code team, said on X that the tracking was "an experiment we launched in March that was meant to prevent account abuse from unauthorized resellers and protect against distillation." He said the team had been "meaning to take this down for a while" and that the pull request to remove it was merged on 1 July.

The rollback coincided with the restoration of Anthropic’s Fable 5 and Mythos 5 models, which the US Commerce Department had ordered the company to disable for all foreign nationals in mid-June after Amazon researchers found a jailbreak vulnerability. The export controls were lifted on 30 June, and Anthropic restored access on 2 July, saying it would "scale up government collaboration" on frontier AI security.

The Distillation Backdrop

Anthropic’s justification for the tracking code sits within a broader campaign against what it calls system distillation—a process in which less capable models are trained on data from more advanced models to create cheaper, more accessible versions without disclosing the original training data or model architecture. Alibaba had previously accused Anthropic of engaging in this practice and stealing its AI capabilities through industrial-scale distillation.

Clock

Post navigation

Previous Post: Why building AI for schools is harder than building a chatbot: inside Smartschool’s approach to exam prep
Next Post: The AI chip trade cracked this week, and the hunt for what replaces it has begun

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Editor's Picks

  • Manhattan Family Law Specialist
  • Queens Immigration Lawyer
  • Staten Island Civil Rights Advocate
  • Manhattan Personal Injury Prevention
  • Bronx Intellectual Property Attorney
  • Long Island Real Estate Dispute Resolution
  • Commercial Plumbing Installation Denver
  • Denver Plumber for Emergency Services
  • Denver Gas Line Replacement
  • Affordable Plumbing Repair Denver

Recent Posts

  • Tesla launches the six-seat Model Y Long Wheelbase in the US at 61,990 dollars
  • North Korea-linked npm packages impersonate Rollup polyfill tools to steal developer secrets
  • The Chevy Silverado EV is one of the best electric trucks ever built, so why is nobody buying it
  • Investors sue Oracle, say it hid how shaky the OpenAI deal was
  • Europe is coming for loot boxes, and the games industry is bracing

Recent Comments

  1. fk777 casino on Spiro takes $55M from China’s NewTrails as it nears a $1bn valuation
  2. 5577betapp on Spiro takes $55M from China’s NewTrails as it nears a $1bn valuation
  3. 144bet1 on Spiro takes $55M from China’s NewTrails as it nears a $1bn valuation
  4. 144bet1 on Spiro takes $55M from China’s NewTrails as it nears a $1bn valuation
  5. 144bet1 on Spiro takes $55M from China’s NewTrails as it nears a $1bn valuation

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026

Editor's Picks

  • Manhattan Family Law Specialist
  • Queens Immigration Lawyer
  • Staten Island Civil Rights Advocate
  • Manhattan Personal Injury Prevention
  • Bronx Intellectual Property Attorney
  • Long Island Real Estate Dispute Resolution
  • Commercial Plumbing Installation Denver
  • Denver Plumber for Emergency Services
  • Denver Gas Line Replacement
  • Affordable Plumbing Repair Denver

Copyright © 2026 164news.com.

Powered by PressBook Dark WordPress theme