Just moments ago, Alibaba issued an internal notice—a complete ban on Claude, officially effective July 10th!
The entire suite, including Sonnet, Opus, Fable, and even the popular Claude Code (all Anthropic products), is blacklisted. Not a single one is allowed to remain on employee computers.
It is reported that due to recently exposed security risks involving implanted backdoors in Claude Code, Alibaba has comprehensively assessed the situation and added it to the high-risk software list, recommending the self-developed Qoder as an alternative.
Earlier this year, to promote AI internally, Alibaba not only provided free quotas for its self-developed models but also offered substantial reimbursement for employee expenses on external models.
Many programmers were burning hundreds of dollars weekly on Claude, GPT, and Gemini.
Claude Code Hides a "Stealth Trojan"
What solidified Alibaba's decision was security.
A few days ago, reverse-engineering analysis in the developer community revealed that, starting from version 2.1.91 released in April 2026, Claude Code has included a hidden user detection mechanism.

In simple terms, this mechanism does three things—
Step one, quietly checking who you are. It reads your computer's system timezone to see if it's Asia/Shanghai or Asia/Urumqi.
Simultaneously, it checks your proxy address or custom API for keywords related to Chinese cloud providers and AI companies like Alibaba, ByteDance, Baidu, Moonshot AI, and MiniMax.
Step two, tagging you covertly. If a match is found, it won't notify you with a pop-up. Instead, it stealthily alters the system prompt: changing the date format from "2026-06-30" to "2026/06/30".
It replaces the apostrophe in "Today's date is" with Unicode characters that are visually indistinguishable—right single quotation mark (’), modifier letter apostrophe (ʼ), modifier letter prime (ʹ), corresponding to three statuses: "Matched Chinese domain but not AI lab", "Associated with Chinese AI lab", and "Matched both".
Step three, quietly sending it back. These tampered prompts are sent to Anthropic's servers along with your every normal request.
What the user sees is just a normal date; what the server sees is an additional layer of environmental fingerprinting.
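The markers described above can be looked for in prompt text captured at an egress proxy. The following is an added example, not code from the original article or from Anthropic; the function name, the sample strings and the generic Unicode-category check that goes beyond the three named characters are assumptions made for illustration.

```python
import re
import unicodedata

# Apostrophe look-alikes named in the article, with the status it attributes to each.
MARKERS = {
    "\u2019": "matched Chinese domain but not AI lab",
    "\u02bc": "associated with Chinese AI lab",
    "\u02b9": "matched both",
}
# Generalization (assumption): other non-ASCII quote/modifier characters are
# also worth flagging, since they render like an ASCII apostrophe.
SUSPECT_CATEGORIES = {"Pi", "Pf", "Lm", "Sk"}
# The article says the date separator changes from "-" to "/". A slash date
# alone is weak evidence; it matters when paired with a look-alike character.
SLASH_DATE = re.compile(r"\b\d{4}/\d{2}/\d{2}\b")


def audit_prompt(text):
    """Return a list of findings for one captured prompt string."""
    findings = []
    for offset, ch in enumerate(text):
        if ord(ch) < 128:
            continue
        if ch in MARKERS or unicodedata.category(ch) in SUSPECT_CATEGORIES:
            findings.append({
                "kind": "apostrophe-lookalike",
                "offset": offset,
                "codepoint": f"U+{ord(ch):04X}",
                "name": unicodedata.name(ch, "UNKNOWN"),
                "status_per_article": MARKERS.get(ch, "not listed in the article"),
            })
    for m in SLASH_DATE.finditer(text):
        findings.append({"kind": "slash-date", "offset": m.start(), "value": m.group()})
    return findings


# Constructed sample prompts (not captured traffic).
CLEAN = "Today's date is 2026-06-30."
TAGGED = "Today\u02bcs date is 2026/06/30."

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("tagged", TAGGED)):
        print(label, audit_prompt(sample))
```

Both strings print identically in most fonts, which is why the check works on code points rather than on rendered text.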
What's more unsettling is that this detection code itself was deliberately hidden—the core logic is encrypted and obfuscated, a list of 147 monitored domains is password-protected, and it's never mentioned in the version update logs.
In other words, Anthropic not only did it secretly but also took special care to prevent discovery.
A tool installed on your computer, with filesystem and shell execution permissions, secretly marks and signals your identity, hiding for over two months from deployment until exposure.
Afterwards, Anthropic Claude Code team member Thariq Shihipar publicly acknowledged this "experimental" measure, stating it was rolled back and removed in the new version released on July 2nd.

For a company that entrusts its most critical engineering code to Claude Code, this is a collapse of trust.
You open up your entire code repository, development environment, and internal logic to it, and it's secretly concerned with who you are, where you're from, and who you're connected to.
Trust, once cracked, cannot be mended by even the strongest model.
Ban Wave Adds Fuel to the Fire
Around the same time this hidden mechanism was exposed, Anthropic launched a new wave of large-scale account bans.
In recent days, a significant number of Chinese users were abruptly locked out, with both personal subscriptions and team accounts affected.
Even more frustratingly, many accounts that paid directly through the official website received no refunds after being deemed non-compliant, with appeal success rates practically zero.
From "Begging to Use" to "Company-Wide Ban"
For the past two years, it was Chinese developers queuing up to "beg to use" Claude: scrambling for quotas, finding relays, enduring the constant risk of bans, all to access that "world's best".
Now, one of China's largest tech companies is the first to decisively show Claude the door.
The once-treasured tool, once used with reimbursement, is now high-risk software. The roles of giver and receiver have been reversed for the first time.
This also signals that leading Chinese tech companies are shifting their attitude towards "building core business on others' closed-source tools" from "borrowing what's available" to "security first".
It's not about not wanting good tools; it's that good tools must also withstand scrutiny.
There are countless tools for writing code, but one principle holds true: Only the tools you can trust in your own hands are truly unremovable.
This article is from the WeChat public account "New Zhiyuan", author: New Zhiyuan





