Skip to content
LIVE
The Executives BriefThe Executives BriefBeta

Alibaba bans staff from Claude Code after China flags, Anthropic alleges 25,000 fake accounts

A tool used by developers becomes a battlefield for IP, security, and model leverage, with real operational fallout for firms.

ByOmar Al-BalawiTechnology Correspondent, The Executives Brief
·3 min read
Alibaba bans staff from Claude Code after China flags, Anthropic alleges 25,000 fake accounts
Executive summary

Alibaba has ordered staff to stop using Anthropic's Claude Code after it was found to be flagging users connecting from China. Anthropic says Alibaba is running large

Chinese tech giant Alibaba has ordered staff to stop using Anthropic's Claude Code, after the tool was found to be flagging users connecting from China. That is the immediate operational shock: developers in Alibaba's ecosystem are being told to cut off a specific Anthropic product, not just “be careful” or add checks.

Anthropic frames the move as something bigger than a simple compliance issue. The company says it is already trying its best to prevent Chinese firms from using Claude at all, and it accuses Alibaba of running large “distillation” campaigns against it. In Anthropic’s telling, Alibaba deployed around 25,000 fake accounts to train its own models on Claude. Whether you care about the exact number as a technical detail, the consequence is clear: both companies are escalating their tug-of-war from product usage to access control and, potentially, to the training pipeline itself.

To understand why this matters, you have to know what “Claude Code” represents in practice. Code assistants sit inside a workflow. If a tool flags users, blocks access, or triggers friction based on location, it can change which systems teams trust day-to-day. That is not a hypothetical concern for executives. When a flagship developer tool gets pulled, teams lose time, standardization, and consistency across projects, and they often have to scramble for alternatives.

This also lands in a regulatory and geopolitical context where cross-border AI access is getting treated like a risk category, not just a business decision. Location-based flagging, especially for tools that process user prompts, is the kind of control that regulators and security teams tend to scrutinize. Even when the stated goal is safety or compliance, the effect can still look like selective access. For Alibaba, ordering staff not to use Claude Code signals an internal decision to reduce exposure to whatever triggers the flag. For Anthropic, the underlying concern is that access itself can be turned into training data supply.

That brings us to the heart of Anthropic’s accusation: “distillation” campaigns. Distillation is basically the idea that you can use another model’s behavior to train or tune your own system, without necessarily training on raw internal weights. Anthropic’s allegation that Alibaba deployed around 25,000 fake accounts suggests not a handful of cautious testers, but a scale play aimed at extracting consistent outputs for learning. The reason executives should pay attention is that distillation disputes are not only technical. They are also economic. If one party believes the other can repeatedly harvest its outputs, then the incentive is to harden access and add friction, which then drives the product into a more adversarial posture.

Alibaba’s ban is also strategically legible. If the tool flags users connecting from China, then continuing to use it could mean higher friction, degraded developer experience, or unpredictable access patterns. For a company operating at scale, those risks tend to get handled through blunt internal policy: stop using the product, reduce the surface area, and force teams to re-orient around tools that behave predictably. That is often how companies keep projects on schedule, even if it costs them short-term productivity.

Meanwhile, Anthropic appears to be treating the larger competition as an access and training-control problem. It says it is already trying its best to stop Chinese firms from using Claude at all, and it cites the 25,000 fake accounts claim to support the argument that current measures have to go beyond basic usage. For board members and C-suite leaders, the second-order implication is brutal: the “AI product” you ship can quickly become a security posture, and the “safety feature” can quickly become a strategic chokepoint.

For peers, the stakes are bigger than one code assistant. This is a preview of what happens when frontier model providers and major compute competitors treat model access like a contested asset. If Anthropic believes distillation can be mass-produced through coordinated accounts, it will likely keep tightening controls. If Alibaba believes Claude Code is selectively flagging its users from China, it will likely push teams to comply with bans and invest in substitutes. Either way, the market consequences show up in developer velocity, platform adoption, and how quickly rival models can become “good enough” through aggressive training strategies.

Executive ActionsLocked

This story's Key Insights and Take-aways are locked.

Create a free account to unlock Executive Actions for one credit.

Register to Unlock

Always free for Executives Club members. Join the Club

More in Technology