A new policy at Alibaba will prohibit employees from using Anthropic’s Claude Code programming tool starting July 10, according to multiple reports. The move comes as the Chinese tech giant pushes its own internal alternative and as Anthropic tightens restrictions on users from China.
Anthropic already blocks Chinese companies and foreign entities owned by those companies from accessing its models. The company has been working to close loopholes that previously allowed some Chinese users to reach Claude. A Reddit post recently highlighted that Anthropic had deployed a version of Claude Code capable of secretly identifying users located in China. Anthropic’s Thariq Shihipar explained in a post on X that this was an experiment launched in March aimed at preventing account abuse from unauthorized resellers and protecting against distillation, the practice of training one AI model on the outputs of another. Shihipar added that the team has since implemented stronger mitigations and had planned to remove that experiment for some time.
High risk classification
Alibaba has classified Claude Code as high risk software under its internal security framework. Employees have been instructed to stop using the tool and to switch to Alibaba’s own Qoder tool instead. Qoder is a coding assistant developed by Alibaba’s cloud division and is positioned as a compliant alternative for internal development work. The ban covers all usage of Claude Code across the company, including personal devices and remote work setups.
The move reflects a broader trend among Chinese technology companies to reduce reliance on foreign AI tools amid tightening export controls and data security regulations. Alibaba is not the first Chinese firm to restrict access to Western AI models. Several major tech companies have introduced similar policies over the past year, citing national security concerns and the need to protect proprietary data from being processed on foreign servers.
Anthropic’s evolving restrictions
Anthropic has taken an increasingly aggressive stance toward preventing unauthorized access from China. The company’s terms of service explicitly prohibit use by entities subject to Chinese law or located in mainland China. However, enforcement has been inconsistent, and some users have found ways to circumvent the blocks using VPNs and proxy services. The recent experiment with Claude Code that could detect Chinese users was one attempt to close those gaps.
Shihipar’s comments suggest that Anthropic is refining its detection methods while also exploring more permanent solutions. The company has not disclosed whether it plans to expand similar fingerprinting techniques to other products or regions. The distillation threat is a particular concern for Anthropic, as competitors could train their own models on Claude’s outputs without paying for access. Losing that revenue stream while also facing potential intellectual property theft has pushed the company toward more aggressive technical measures.
Alibaba’s internal memo about the ban reportedly noted that Qoder offers comparable functionality to Claude Code and is fully compliant with Chinese data laws. The company has been investing heavily in its own AI capabilities, including large language models and coding assistants, as part of a broader strategy to achieve technological self reliance.
For employees who have grown accustomed to Claude Code’s features, the transition may be disruptive in the short term. But Alibaba is expected to provide training and migration support to ease the switch. The company has not announced any penalties for noncompliance, though internal security audits are likely to increase scrutiny of third party tools going forward.
For more on how companies are navigating the complex landscape of AI tool restrictions, check out the latest AI news on Mylistingo.







