Alibaba Bans Claude Code, Accuses Backdoor; Anthropic Claims It Prevents Distillation

Since July 10, 2025, Alibaba has completely banned employees from using Claude Code and switched to its self-developed Qoder, after discovering that the tool had built-in code since March to detect Chinese users and VPNs.

Since July 10, 2025, Alibaba has completely banned employees from using Claude Code and switched to its self-developed Qoder, after discovering that the tool had built-in code since March to detect Chinese users and VPNs.

How the Detection Mechanism Works

Claude Code's detection code identifies user location through IP address range matching and VPN protocol characteristics. When a user initiates a code completion or project scan request, the system first reads local network egress information and then compares it against a preset blacklist. If it matches a mainland China IP or common VPN port, the tool restricts certain functions or records session metadata.

This implementation differs from ordinary geo-fencing; it is directly embedded in the model inference pipeline. A lightweight network probe is added before each API call, taking less than 50 milliseconds and being almost imperceptible to ordinary users.

Positions of Both Sides and Data Indications

Anthropic's official statement claims that the code's purpose is to prevent third parties from distilling model parameters through a large number of prompts. Alibaba, on the other hand, points out that the detection behavior exceeds the necessary scope and was not clearly disclosed to Chinese users in the terms of service.

Impact on Developers' Daily Work

Claude Code was previously used for code refactoring and unit test generation. After the ban, Alibaba internally switched to Qoder, which already supports similar code completion capabilities, but its training data sources are fully localized.

If other enterprises face similar restrictions, they need to reassess their existing workflows. Switching tools takes an average of two weeks, including prompt template migration and security review.

Technical Alternative Paths

Self-developed code assistants typically adopt two approaches: one is fine-tuning based on open-source large models, and the other is directly training dedicated models using domestic computing clusters. The former has lower deployment costs, while the latter offers more complete data sovereignty.

Actual operational data shows that Qoder's completion accuracy on internal codebases is close to that of Claude Code, with response latency controlled within 300 milliseconds.

Future Trend Predictions

Cross-border AI coding tools will face stricter compliance reviews. Companies may require suppliers to provide code audit reports explicitly listing all network probing behaviors.

Domestic code models are iterating faster, and some teams have already started mixing multiple tools to diversify the risk of a single vendor.

In the long run, regional adaptation of AI tools will become a standard part of product design. Developers need to prioritize confirming data flows and the openness of audit logs when selecting tools.