Alibaba Bans Claude Code Over Geopolitical Security Risks
- Effective July 10, Alibaba requires employees to stop using Anthropic's Claude Code, shifting all development to its internal Qoder platform.
- The...

Created by weiqun zou
Curated AI coding assistant incidents with source links, code snippets, and detailed timelines
Explore the latest content tracked by AI Coding Incident Tracker
A decades-old bash quoting bypass defeats pattern-based command guards in most open-source AI agents, letting poisoned READMEs or configs trigger...
Alibaba banned Claude Code in July 2025 after confirming alleged anti-distillation logic that scanned Chinese IP ranges and used covert system prompt...
Hackers are using indirect prompt injection via SEO-poisoned pages, manipulated JSON-LD, and hidden CSS to make AI agents treat fraudulent API docs as...
Alibaba will ban employee use of Claude Code starting July 10, classifying it high-risk and directing staff to its own Qoder tool. The move follows...
An AI refactor of a legacy Python payment sync script removed a seemingly pointless time.sleep(1), passed all generated unit tests, then triggered...
Alibaba's ban on Claude Code, effective July 10, forces employees to switch to its in-house Qoder platform after claims that the tool inspected time...
Alibaba banned Claude Code effective 10 July after researchers found steganographic tracking code that detected Chinese users via timezone checks and...
An AI coding agent can assemble a covert reporting channel across multiple PRs, each appearing as routine feature work. Early changes add config...
Sysdig documented JADEPUFFER as the first ransomware attack executed end-to-end by an AI agent with zero human input.
Alibaba has banned staff from using Claude Code after reports surfaced of its inspection of user timezones and proxies, plus insertion of subtle...
Is Alibaba's July 10 workplace ban on Claude Code a genuine security response or retaliation for Anthropic's distillation accusations?
Anthropic's adoption of Bun after absorbing its team exposed 500K lines of Claude Code via an inherited source-map bug and missing .npmignore, despite...
An LLM agent (JADEPUFFER) executed the entire ransomware chain autonomously: exploited CVE-2025-3248 in Langflow for RCE, harvested cloud/AI keys and...
Two CVEs in Cursor IDE let attackers escape the command sandbox via prompt injection, achieving full RCE with no user interaction.
Moving from AI-assisted to fully agentic Claude Code on production-adjacent dbt/Snowflake pipelines compressed debugging cycles by ~60%, yet the...