A world turned upside down: Alibaba accuses Anthropic of backdoor

A world turned upside down: Alibaba accuses Anthropic of backdoor

Anthropic recently accused Alibaba of a massive data scraping campaign, essentially an attempt by the Chinese company to train its own AI using Claude outputs. Now the tables have turned, and Alibaba claims that Anthropic has built a backdoor into Claude Code.

Alibaba believes there’s more to the app than meets the eye. According to a Reuters source, Alibaba is blocking access to Claude Code within its own work environments. The company did not publicly confirm the move and did not respond to questions. The Chinese financial publisher Yicai was the first to report on it.

Where the backdoor comes from

The alleged backdoor traces back to a Reddit post from June 30. A user going by the name LegitMichel777 claimed to have reverse-engineered Claude Code. Starting with version 2.1.91, released on April 2, the tool allegedly secretly checks whether a user’s proxy configuration or time zone matches two hidden lists.

One list reportedly included Chinese corporate networks and AI labs, such as Alibaba, Baidu, ByteDance, and Moonshot AI. If a match was found, the tool would adjust the date format and swap a punctuation mark in its own system prompt, rather than sending an overt telemetry signal.

Anthropic did not issue a formal statement. A member of the Claude Code team, Thariq, stated on social media that the mechanism was intended to combat account sales and model distillation, and that it would be removed in the next release. According to The Register, that fix was already in the works as of July 1. The mechanism had thus been active for about three months.

Dispute over distillation

All of this is part of a broader conflict. In a June 10 letter to U.S. senators, Anthropic accused operators associated with Alibaba’s Qwen lab of running nearly 25,000 fraudulent accounts, accounting for over 28.8 million interactions between April 22 and June 5. In our view, Anthropic’s call for a frontier AI rulebook is partly a response to this threat of distillation and an act of self-defense, or, more cynically, an attempt to snuff out any competition outside of OpenAI or the currently lagging efforts from the likes of Google or Meta.

Alibaba Cloud Model Studio’s documentation shows how Claude Code can be routed through its own endpoints; if configured incorrectly, the tool still connects to Anthropic’s servers. Whether this was targeted espionage or a crude anti-fraud filter remains disputed. No independent security firm has published a full audit to date. Reuters based its report on a single source.