logoalt Hacker News

Alibaba to ban Claude Code in workplace over alleged backdoor risks, source says

266 pointsby nsoonhuitoday at 8:31 AM222 commentsview on HN

Comments

bhoustontoday at 11:02 AM

All remote AI are a massive security risk for individuals/companies/governments that may be targeted by the US government.

It is likely that the US will get a live feed from each AI provider that they are inspecting in real time to identity things of interest, terrorist attacks or foreign government planning or even foreign companies competitive to key US companies.

It will give them access to the though process in those companies as well as much of their text-based IP (source code, docs, meeting transcripts, etc)

Also if you are using local AI that you didn’t train yourself you can never be sure it doesn’t have purposeful biases in its reasoning that may disadvantage you - such as directing you away from certain plans or ideas or patents etc.

show 3 replies
gchamonlivetoday at 4:09 PM

There was recently this case here in Brazil https://www.mixvale.com.br/2026/06/26/fbi-warns-brazilian-po...

This is a double edge knife. In this specific instance this was absurdely important for that kid's life, but this work both ways. What if the US authorities deemed it necessary to snoop on foreign governments and citizens for political reasons, now leveraging AI to do it in an industrial scale?

One thing is certain though is that assuring privacy isn't top priority for any cloud provider. Companies doing cutting edge, sensitive work should be wary.

show 1 reply
eunostoday at 9:31 AM

What Claude Code did is absolutely mindboggling tho, if Chinese harness did that probably POTUS would lose sleep.

show 5 replies
johnathan101today at 9:48 AM

Regardless of whether this specific claim is true, enterprises are becoming much more cautious about developer tools that can read large portions of proprietary codebases.

show 5 replies
nicogentiletoday at 2:32 PM

Seems that we are finally moving to the next stage in LLM's. not only customize based on old searches but also targeted you based on non disclose data. Its basically the same flow we had years ago with ads in social media.

Interesting to notice that we can do the same with these models.

jdw64today at 10:43 AM

I got curious and asked my Chinese friends, and they gave me a Reddit link[1]. It looks like it's about location data collection, and they suggested that might be the reason for the issue.

[1]https://www.reddit.com/r/ClaudeAI/comments/1ujila1/anthropic...

show 1 reply
ravenstinetoday at 11:14 AM

Employers in 2022:

> No! Don't install that lodash thing without explicit approval from IT. Oh, you want a license for Charles Proxy? Gee, I dunno... we've got a budget to maintain.

Employers in 2023:

> No! You can't use ChatGPT at work – it's a security risk.

Employers in 2024:

> Okay, you can use Github Copilot I guess, but you'll have to endure boring corporate training on what you're allowed to do with it.

Employers with dollar signs in their eyes in 2025:

> We attended a seminar about vibe coding. Why aren't you dumbasses keeping up with the times? Use Claude Code for everything! Don't write any of your own code anymore. We don't even really care if you use yolo mode. Just review code and push 10x more features! Use unlimited tokens! Money printer go brrrrr.

Employers in 2026:

> You mean giving one or two companies full autonomous access to our workstations while stupifying our engineers wasn't a sound business plan?

show 1 reply
khurstoday at 12:10 PM

Snowden files revealed NSA collect everything they can.

Of-course USA is collecting everything, not just from China but everyone.

And same with every one else.

avd201today at 1:20 PM

Anthropic has been doing this sort of stuff for a while already. I mean, who remembers when Claude would just consume all your remaining usage if it read anything indicating that Openclaw had been used on your codebase? Because I remember. Two months ago btw https://news.ycombinator.com/item?id=47963204 Then there was the whole debacle of Fable silently downgrading to other models if it detected wrong think, or worse, outright sabotaging your codebase if you were working on language models lol

bushidotoday at 11:25 AM

What's very interesting to me is these moves will introduce a good amount of doubt in future claims by Claude etc, that the open source and non-US models are only getting better because they're distilling from frontier labs.

JPLeRouzictoday at 4:03 PM

> employees were being told to use the company's own coding platform Qoder

That looks a no-nonsense decision, isn't?

yanhangyhytoday at 8:48 AM

i gonna ask: how can they still use claude? i thought all users in china are banned

show 9 replies
rvnxtoday at 9:12 AM

Can't say they are wrong, after the latest backdoor, or let's say, undocumented functionality that leaks some data that was pushed in Claude Code few days ago

https://news.ycombinator.com/item?id=48759754

show 1 reply
rvztoday at 9:32 AM

Another reason to use open source coding agents and local language models.

Claude Code is neither and it is literally info stealing malware.

p0w3n3dtoday at 10:20 AM

[flagged]

show 5 replies
synapsehiretoday at 4:09 PM

[flagged]

aivisibility96today at 12:46 PM

[flagged]

HlessClaudesmantoday at 10:04 AM

Translation: Alibaba will continue distillation attacks using accounts that aren't directly attributable to it's own corporate infrastructure.

show 7 replies
mbmbntoday at 12:18 PM

[flagged]

Jeff9Jamestoday at 11:43 AM

Story of Z.ai:

use claude-code see how good it is send 100k bots to distill fable 5 (GLM 5.2 is the result of this) release Zcode ditch claude-code ban claude-code

show 2 replies
feverzsjtoday at 9:42 AM

Considering their massive distillation, if US companies stop publishing new models to the public, would China still be able to develop new open weight models?

show 6 replies