What exactly happened between Claude and Alibaba?

nthropic is a US AI company and the maker of the Claude family of AI models. One of its tools, Claude Code, helps software developers write and fix code faster.

But Anthropic restricts access to its systems for users and entities in China. The reason is not just business. Advanced AI models are increasingly being treated as sensitive technology, especially in the US-China technology race.

Despite those restrictions, Alibaba employees were reportedly using Claude Code at work. The restrictions were difficult to enforce because users could route traffic through overseas servers and make it appear as if they were accessing the tool from somewhere else.

Anthropic, meanwhile, had been tightening enforcement.

Developers later discovered detection features inside Claude Code, which an Anthropic team member publicly acknowledged as an experiment, launched in March, aimed at preventing account abuse and unauthorised resale, and said would be removed. These features could inspect signals from a user's environment, including timezone and proxy-related information. In simple terms, Claude Code could help Anthropic identify whether someone might be connected to China, even if that person was using technical workarounds.

Separately, in a letter dated 10 June 2026 to US senators Tim Scott and Elizabeth Warren of the Senate Banking Committee, Anthropic accused Alibaba-linked operators of running a large-scale 'distillation' campaign against Claude. Distillation is a way of using one powerful AI model's answers to train another. Anthropic claimed the campaign took place between 22 April and 5 June 2026, and involved more than 28.8 million exchanges with Claude through almost 25,000 fraudulent accounts. The letter became public on 24 June.

That is where this story stops being only about software and becomes a full US-China AI face-off.

Alibaba then reportedly banned employees from using Anthropic products at work, including Claude Code, effective 10 July, citing security concerns. The move came days after developers publicly documented the detection features. Employees were reportedly told to remove Anthropic's AI models from their work environment and use Alibaba's own coding platform, Qoder, instead.

So both sides now have a complaint.

Anthropic's complaint: Alibaba tried to copy our AI capabilities.

Alibaba's concern: Claude Code contained undisclosed detection features that could create a security risk for our employees.

That is the fight in one line.

Why was Alibaba using Claude if Anthropic blocks China?

Because useful tools often travel faster than official rules.

Claude Code is valuable for developers because it can help write, review, debug, and improve code. Even if Anthropic restricts access from China, users can try to bypass restrictions through overseas servers, proxy networks, foreign accounts, or other technical routes.

In fact, Alibaba had reportedly been subsidising employees' subscriptions to external AI models, including Claude, with some developers running up hundreds of dollars' worth of usage every week. The tool was not sneaking into the company. The company was paying for it.

This does not mean every Chinese developer was doing something wrong. But it does show how difficult AI restrictions are to enforce in the real world.

Blocking access on paper is easy. Blocking access in practice is much harder.

What is "distillation"?

Distillation means using one powerful AI model to train another model. You do not steal the original model's code. Instead, you ask the stronger model a huge number of questions, collect its answers, and use those answers to train another model to behave more like it.

It is like asking the smartest student in class for answers again and again, then using those answers to train another student. Anthropic accused Alibaba-linked operators of doing this at a massive scale. Alibaba has not addressed the specifics of the allegation, and no outside party has verified it.

What was the hidden code inside Claude Code?

Developers found that Claude Code could inspect user-environment signals such as timezone and proxy-related information. It also reportedly inserted subtle markers into prompts sent to Anthropic's servers. These features were not disclosed in Anthropic's release notes, which is why the discovery triggered concern.

In plain English, the tool appeared to contain mechanisms that could help Anthropic understand where and how Claude Code was being used.

Anthropic said this was meant to prevent abuse. Alibaba saw it as a security risk.

That is why this became explosive. To Anthropic, it may have looked like fraud detection. To Alibaba, it looked like undisclosed surveillance inside a workplace coding tool.

So was Anthropic spying?

There is no public evidence that Claude Code was stealing Alibaba's internal code or breaking into company systems.

The concern is different.

When a coding assistant is used at work, employees may paste code, ask questions about internal systems, or use it inside sensitive environments. Even if the AI company says it is only checking for abuse, an employer will still ask: what exactly is this tool seeing?

That is why Alibaba could present Claude Code as a workplace security issue.

Why did Anthropic stay silent?

Because disclosure would have defeated the purpose.

If Anthropic believed users were bypassing its restrictions through fake accounts, proxies, or overseas servers, publicly explaining its detection method would have made that method useless.

If you are trying to catch someone sneaking in, you do not announce where the cameras are.

The timeline also matters. The alleged campaign against Claude ran from 22 April to 5 June 2026. Anthropic's letter to the US Senate was dated 10 June. By then, the company had detailed numbers. That suggests Anthropic had been quietly tracking the activity before going public.

The same silence, however, gave Alibaba its counterattack. Undisclosed detection features allowed Alibaba to say Claude Code itself was the risk.

Why did Alibaba ban Claude?

Officially, because of security concerns. Strategically, the ban also helps Alibaba in three ways.

It removes a US AI tool from its workplace environment. It pushes employees toward Alibaba's own coding platform, Qoder. It gives Alibaba a counter-narrative after Anthropic's accusation.

Instead of only responding to the allegation that it tried to copy Claude's capabilities, Alibaba can now say: Claude Code was a risk to us.

Who looks worse?

TThat depends on where the reader is standing.

From Anthropic's side, the worry is clear. If restricted users can create fake accounts and generate millions of exchanges, advanced AI models can be copied without anyone stealing the original code.

From Alibaba's side, the worry is also clear. If a foreign AI coding tool quietly checks user-environment signals, no major company will be comfortable letting employees use it freely.

There is no clean hero here.

There are two powerful companies trying to protect their own advantage in a world where AI has become too important to leave to trust.

What should companies learn?

The biggest lesson is simple: AI tools at work cannot be treated casually anymore.

A coding assistant is not just a productivity shortcut. It can touch internal code, workplace data, security systems, user information, product strategy, and company secrets. Every serious company now needs clear AI usage rules.

Which tools are approved? What data can employees paste into them? Can code be shared with outside models? Are personal AI accounts allowed for work? Who audits AI tool usage? What happens if a tool is banned overnight?

The old workplace habit was: use whatever helps you finish faster.

The new workplace rule will be: use only what the company can trust.

The bigger story

This fight started with Claude Code. But it is really about access to power.

American AI companies are trying to stop restricted foreign users from accessing their most advanced models. Chinese companies are trying to reduce dependence on US tools. Governments are turning AI into strategic infrastructure. Employees are caught in the middle, losing access to tools they had quietly built into their daily work.

That is the real story. Not just Anthropic versus Alibaba. Not just Claude versus Qoder.

This is the future of AI at work: more powerful tools, more restrictions, more suspicion, and far less innocence.

What does this mean for Indian companies?

India sits closer to this fight than it may appear.

Indian IT services firms and global capability centres now build client work on the same AI coding tools at the centre of this dispute. When a tool of this scale can be reclassified as high-risk software and banned from a workplace within days, every delivery head has a new question: what happens to our timelines if a tool we depend on disappears overnight?

There is also a quieter lesson in the detection story. Indian companies routinely handle client code and data under strict confidentiality obligations. If an AI coding assistant can inspect signals from a user's environment, contracts and audits need to account for what such tools can see, not only what they officially do.

None of this argues against using AI tools. It argues against depending on any single one. The companies that will handle the next ban calmly are the ones that already know which tools are approved, what data can touch them, and what the fallback is.

For India's technology workforce, the message is simple: the tools are global, but the rules are becoming geopolitical.

Sources

  1. CNBC, "China's Alibaba bans Anthropic AI for employees after 'distillation attack' accusation", 6 July 2026.
  2. Reuters, "Alibaba to ban Claude Code in workplace over alleged backdoor risks, source says", 3 July 2026.
  3. South China Morning Post, report on Alibaba's internal notice on high-risk software, 3 July 2026.
  4. TechCrunch, "Alibaba reportedly bans employees from using Claude Code", 4 July 2026.
  5. Financial Times, report on Anthropic closing third-country access loopholes, 3 July 2026.
  6. Anthropic letter to the US Senate Banking Committee, dated 10 June 2026, first reported 24 June 2026.
  7. Tom's Hardware, "Alibaba bans Anthropic's Claude Code after an alleged hidden China-detection backdoor is uncovered", 5 July 2026.