Alibaba Curbs Employee Access to Anthropic Tools
Alibaba has restricted its employees from using Anthropic’s AI tools, including the Claude Code assistant. The Chinese tech giant placed the software on a high-risk list following allegations from Anthropic that Alibaba engaged in unauthorized data extraction to train its own large language models.

The Fallout from Alleged Distillation Attacks
The move follows public accusations from Anthropic, which claimed in June that the Chinese firm attempted to “illicitly” extract its AI capabilities. According to a report by CNBC, Alibaba has instructed its staff to uninstall Anthropic-related agent products and transition to using the company’s internal Qoder AI assistant.
Anthropic characterized these actions as a “distillation attack,” alleging it was the largest attempt of its kind recorded to date. In a distillation process, an entity uses a high-performing model to generate outputs, which are then used as training data for a less capable or smaller model. This allows developers to replicate the reasoning and behavior of advanced proprietary systems without incurring the extensive research and development costs associated with building them from scratch.
A Growing Pattern of AI Intellectual Property Disputes
The tension between Anthropic and Chinese AI developers is not new. In February, Anthropic publicly accused three Chinese companies—DeepSeek, MiniMax, and Moonshot AI—of executing similar distillation attacks. The company urged policymakers and the global AI community to establish safeguards against these practices, which it argues undermine the integrity of AI development.
Anthropic maintains that its terms of service strictly prohibit the use of its models by entities in “adversarial nations.” Policing this usage is complex, as a standard query for coding assistance is often indistinguishable from an automated extraction effort. Detection typically relies on identifying suspicious patterns, such as high-volume, repetitive prompts originating from coordinated accounts.
The Security Risks of Industrial-Scale Imitation
The practice of distilling proprietary logic has become a significant concern for major AI labs. In a February blog post, Google’s Threat Intelligence Group warned that as organizations integrate large language models (LLMs) into core operations, their specialized training and proprietary logic become high-value targets for competitors.

Unlike traditional cyberattacks that focus on breaching a firewall, distillation is described as an “industrial-scale” imitation of a model’s output. By capturing and analyzing thousands of responses, a competing model can learn to replicate the original’s reasoning capabilities. While this method is technically sophisticated in its execution, it functions similarly to a student copying answers from a high-achieving peer.
Dispute Summary
- The Restriction: Alibaba has moved to block Anthropic’s Claude Code and related tools, directing employees to use its proprietary “Qoder” assistant instead.
- The Allegation: Anthropic accused Alibaba of conducting a “distillation attack” to illicitly acquire its AI capabilities.
- The Mechanism: Distillation involves using the outputs of a stronger model to train a weaker one, effectively bypassing the research investment required for original model development.
- Industry Context: Google’s Threat Intelligence Group has identified the theft of proprietary model logic as an emerging risk for organizations that rely on LLMs for core business functions.
As AI models continue to evolve, the distinction between legitimate use and data extraction remains a focal point for both developers and regulatory bodies. The current dispute underscores the challenges of maintaining proprietary advantages in an era where model outputs can be easily harvested and repurposed.