Alibaba is cutting off Claude Code for its developers after a reverse-engineering discovery raised questions about what Anthropic’s AI coding assistant checks on local machines.
Starting July 10, Alibaba developers will no longer be allowed to use Claude Code, according to CNBC. The decision follows a Reddit post that identified undocumented logic in the tool that appeared to check for China-linked signals, including time zones, proxy URLs, and possible connections to domestic AI labs.
The discovery comes at a sensitive moment for both companies, in the weeks after Anthropic accused Alibaba of trying to extract Claude’s capabilities. Now, the dispute also raises a broader enterprise question: how much visibility should AI coding tools have into a developer’s environment?
What happened?
According to the developer behind the Reddit post, the hidden functionality had been present since Anthropic released Claude Code version 2.1.91 on April 2. The functionality was accidentally discovered while the developer was trying to restore a capability that Anthropic removed from Claude Code by reverse-engineering the tool.
During that process, the developer noticed code that appeared to inspect users’ local environments to identify China-related usage. In the post, the developer wrote, “While reverse-engineering Claude Code to revert this change, I found something extremely suspicious.”
The hidden logic checks whether the system’s time zone matches any of China’s time zones and whether the user is using a proxy URL linked to a Chinese domain. Based on those results, the software subtly modifies the system prompt by changing the date format while replacing the apostrophe in “Today’s date is” with different Unicode characters to encode the detected environment.
One functionality: different perspectives
Despite the functionality having existed for months, the news landed at an interesting time for both companies. Just weeks prior, Anthropic accused Alibaba of extracting Claude's capabilities. Although an Anthropic engineer claims the functionality is “an experiment” intended to prevent account abuse, the company may have to contend with privacy concerns caused by the incident.
In response to an X post about the discovery, an Anthropic employee described the functionality as an anti-abuse feature that is planned to be removed. The company also explicitly noted that Claude models aren’t for adversarial users, which explains why the logic targeted China.
Both companies declined to respond to questions on the matter.
Potential privacy implications
Anthropic built much of Claude’s reputation around developing safe and trustworthy AI systems. The discovery of undocumented environment checks inside Claude Code, however, raised fresh questions about where the company draws the line between protecting models and respecting users’ expectations of privacy and transparency.
The findings also follow an earlier incident in which the tool was found to have automatically installed a Native Messaging manifest file on several Chromium-based browsers without prior user approval.
For professionals and enterprises using Claude for sensitive work, both incidents reinforce a common concern. Agentic AI coding assistants operate with deep access to local systems, making transparency about what they inspect, modify, or collect just as important as the code they generate.
While Alibaba’s switch to its own AI coding platform may also reflect Anthropic’s recent accusations of AI distillation, the move could foreshadow a broader shift prompting large enterprises to increasingly favor in-house AI tools over third-party alternatives.
Related reading: For more on Anthropic's latest AI strategy, read our coverage of how Claude Sonnet 5 aims to make AI agents more affordable without sacrificing enterprise performance.


