
Starting July 10, Alibaba will prohibit employees from using Anthropic products in work environments and will suggest switching to its own Qoder platform, Pandaily and Futu reported.
The restrictions will cover Claude models, including Sonnet, Opus and Fable, as well as the Claude Code tool. The company placed it on a high-risk software list and recommended Qoder as an alternative. According to Reuters, security-related issues were the reason. Representatives of Alibaba and Anthropic did not comment to the agency.
What developers found
Days earlier, developers noticed mechanisms in Claude Code that checked a user’s environment. Reuters cited the time zone and proxy-related information among them.
According to other sources, the mechanism appeared in version 2.1.91, released in April 2026. It read the local time zone and checked proxy addresses or user API endpoints for keywords related to Chinese cloud providers, AI companies, and access-resale services.
When a match occurred, Claude Code changed the date format and a punctuation mark in a system prompt rather than sending explicit telemetry. That sparked discussion among developers and became one reason for concerns about corporate use of the tool.
Thariq Shihipar, a member of the Claude Code team at Anthropic, said the feature was “an experiment launched in March.” According to him, it was intended to combat unauthorized reselling of accounts and protect against distillation of models. He also said the mechanism would be removed in the next release.
Hi, this is an experiment we launched in March that was meant to prevent account abuse from unauthorized resellers and protect against distillation.
The team has landed stronger mitigations since then and we’ve actually been meaning to take this down for a while. We merged the…
— Thariq (@trq212) June 30, 2026
Anthropic’s China policy
Alibaba’s restrictions come amid a tightening of Anthropic’s policy toward China and other unsupported regions. On September 4, 2025, the company updated its sales and access rules: its terms prohibit the use of services in a number of jurisdictions due to legal, regulatory and security risks.
Anthropic said organizations in such regions may be required to share data with security services or use access to Claude to develop their own AI systems. China and Hong Kong are not on the page of supported countries and regions.
Earlier, Anthropic accused three Chinese AI startups — DeepSeek, Moonshot and MiniMax — of a large-scale campaign to use Claude to improve their own models. According to the startup, the labs generated more than 16 million interactions with the chatbot through roughly 24,000 fraudulent accounts, violating the terms of use and regional restrictions.
In June, Anthropic reiterated its claims against Alibaba and its AI unit Qwen in a letter to Senate Banking Committee Chair Tim Scott and ranking Democrat Elizabeth Warren. The developers said it was the largest such attack known to them, linked to attempts to speed up the development of Chinese models.
According to Pandaily and Futu, Anthropic’s letter to the Senate was the trigger for Alibaba’s internal ban.
Gray market for access
Nevertheless, the strict restrictions have affected demand for Claude in China. According to WIRED, accounts are sold on Taobao, Xianyu and Telegram, and intermediary “stations” have appeared for more stable operation. These services host servers in countries supported by Anthropic, buy API access outside China and resell it to local users.
Anthropic representative Michael Asiman told the publication the company uses “a set of evolving detection systems, including identity verification,” and is working to detect and disable proxy networks. At the same time, the reporters pointed to abnormally high usage of Claude in Singapore relative to the country’s population.
Oxford China Policy Lab researcher Zilan Qian told WIRED that developers from China prefer Claude Code and OpenAI Codex to local alternatives.
“Chinese models are still six to nine months behind American ones, and in tasks like writing code this gap is noticeable,” he said.
An additional backdrop was U.S. export restrictions on Anthropic’s new models. In June, the company had to limit access to Fable 5 and Mythos 5 for foreign nationals, including its own employees outside the country.
On June 30, Anthropic said U.S. authorities rescinded the directive. Starting July 1, the company restored global access to Fable 5 but temporarily limited use of the model to 50% of normal weekly limits. Mythos 5 remained available only to select U.S. organizations.
On June 24, 360 Security Technology founder Zhou Hongyi unveiled the Tulong Feng AI tool for automated vulnerability discovery. He called the development China’s answer to Anthropic’s Mythos 5.
