All Articles

Alibaba’s Claude Code Ban Shows Why Businesses Need Clear AI Usage Rules

July 4, 2026

Alibaba has reportedly banned employees from using Anthropic’s Claude Code at work. The issue is not only about one AI coding tool. It shows a bigger business risk: companies are using AI faster than their policies, security controls and compliance checks can keep up.

Table of contents
Key Takeaways
  • Alibaba has reportedly banned employees from using Anthropic’s Claude Code at work.
  • Claude Code is an AI coding assistant used by software developers.
  • The concern involves compliance, user identification, model access and AI competition between the U.S. and China.
  • This is a reminder that businesses should not allow staff to use AI tools without clear rules.
  • For SMEs, AI adoption should come with basic governance, access control and data protection.

AI tools are becoming part of daily work.

Employees use them to write emails, generate content, summarise documents, analyse data and help with coding.

For many companies, this is already happening before management has created any proper policy.

That is the real issue.

On 4 July 2026, Reuters reported that Alibaba had banned employees from using Anthropic’s Claude Code at work. Claude Code is an AI coding assistant for developers. The report said the ban came after concerns around features that could help identify China-linked users, as well as a wider dispute between Alibaba and Anthropic.

At first, this may sound like a problem between two large technology companies.

But the lesson applies to many normal businesses too.

If staff are using AI tools for work, the company needs to know what data is being entered, where that data goes and whether the tool is allowed for business use.

What Happened?

According to Reuters, Alibaba told employees not to use Claude Code at work. The report said employees were being directed to use Alibaba’s own coding platform, Qoder, instead.

The issue is part of a deeper conflict.

Anthropic had earlier accused Alibaba of trying to extract capabilities from its AI model through a process known as model distillation. In simple terms, distillation can involve using the output of a stronger AI model to train or improve another model.

Reuters also reported that Claude Code had drawn attention from developers because of mechanisms that inspected user environments, including timezone and proxy-related information. An Anthropic employee said the feature was an experiment intended to prevent account abuse and protect against model distillation.

This is not just a technical issue.

It touches on security, compliance, intellectual property and trust.

Why AI Coding Tools Are Powerful

AI coding tools can help developers work faster.

They can suggest code, explain errors, write scripts, review functions and speed up repetitive work.

For software teams, this can save a lot of time.

But the same tools can also create risk.

A developer may paste sensitive code into an AI assistant. They may upload configuration files, API keys, database structures, customer logic or internal system details without realising the risk.

Even when the AI provider has strong security controls, the company still needs to decide whether the tool is approved for business use.

The question is not only:

“Can this AI tool help us?”

The better question is:

“Is it safe for our business data?”

The Hidden Risk: Staff May Already Be Using AI

Many companies think they have not adopted AI yet.

But their staff may already be using it.

Sales teams may use AI to write proposals.

Marketing teams may use AI to generate social media captions.

Admin teams may use AI to summarise documents.

Developers may use AI to write or troubleshoot code.

Managers may use AI to prepare reports.

This is not always bad. In fact, it can improve productivity.

But if there are no rules, the company has no visibility.

That means sensitive information may be copied into public AI tools without approval.

Examples include:

  • Customer names
  • Pricing details
  • Login credentials
  • Internal documents
  • Source code
  • Contract terms
  • Financial information
  • Business strategy
  • Personal data

Once this information is entered into an external platform, the company may lose control over it.

Why This Matters for SMEs

Small and medium businesses may think AI governance is only for big corporations.

That is not true.

SMEs also handle sensitive data.

A small accounting firm may hold financial records. A logistics company may hold customer delivery details. A web developer may hold client source code. A hosting provider may hold server access details. A retailer may hold customer contact information.

The size of the company does not remove the risk.

In fact, SMEs may be more exposed because they often adopt new tools quickly but do not always have formal IT policies.

This creates a gap.

The business wants productivity.

The IT side wants control.

Employees want convenience.

But without a clear policy, everyone makes their own decision.

That is where problems begin.

AI Usage Needs Business Rules

Companies do not need to ban all AI tools.

That is not practical.

AI is becoming part of modern work, and many tools can provide real value.

But businesses should create simple rules before the risk becomes too large.

A practical AI usage policy should answer these questions:

  • Which AI tools are approved?
  • What type of data can employees enter?
  • What type of data is not allowed?
  • Can staff use personal AI accounts for work?
  • Can source code be pasted into AI tools?
  • Who reviews new AI tools before use?
  • How is sensitive data protected?
  • What happens if an employee is unsure?

These rules do not need to be complicated.

They just need to be clear.

The Security Side of AI Adoption

AI is not only a productivity tool.

It is also part of the company’s security posture.

If staff use AI tools without control, it can create shadow IT. Shadow IT means employees are using software or services that the company does not officially manage.

This can lead to:

  • Data leakage
  • Compliance issues
  • Account misuse
  • Weak access control
  • Unapproved file sharing
  • Loss of business confidentiality
  • Poor audit visibility

For regulated industries, the risk is even higher.

Companies that handle personal data, financial records, healthcare data or government-related information need to be extra careful.

What Businesses Should Do Now

Businesses do not need to wait for a major incident before creating AI rules.

Here are practical steps to start.

1. List the AI Tools Currently Used

Ask each department what AI tools they are using.

Do not start by blaming people. Start by understanding the current situation.

The goal is visibility.

2. Decide Which Tools Are Approved

Not every AI tool should be used for company work.

Choose approved tools based on business need, security features, data handling terms and access control.

3. Define What Data Cannot Be Entered

This is one of the most important rules.

Employees should know that sensitive business information, customer data, passwords, private documents and confidential source code should not be entered into unapproved AI tools.

4. Separate Personal Use and Company Use

Staff should avoid using personal AI accounts for business work, especially when handling confidential information.

Company-managed accounts are easier to monitor and control.

5. Train Employees in Simple Language

Do not make AI policy too technical.

Employees should understand the rule quickly.

For example:

“Do not paste customer data, passwords, private documents or internal source code into public AI tools unless the tool is approved by the company.”

That is simple and practical.

6. Review AI Tools Regularly

AI platforms change quickly.

A tool that is safe today may introduce new features later. A new policy, new data setting or new integration may change the risk.

Review approved tools from time to time.

The Bigger Picture

The Alibaba and Claude Code issue is part of a wider trend.

AI tools are becoming more powerful, but companies are still learning how to manage them.

This will not be the last time a large company restricts an AI tool.

More companies will likely introduce internal AI rules, approved tool lists and tighter controls around sensitive data.

For businesses, the message is clear.

AI adoption cannot be left unmanaged.

It should be treated like cloud adoption, cybersecurity or data protection.

Useful, but controlled.

Closing Thoughts

AI can help companies work faster.

But speed without control can become a risk.

The reported Alibaba ban on Claude Code shows that even major technology companies are careful about which AI tools employees can use at work.

SMEs should take the same lesson seriously.

You do not need a complex AI governance framework on day one.

But you do need basic rules.

Know which AI tools your staff are using. Decide what is allowed. Protect customer data. Avoid sharing confidential information. Keep access under control.

At Net Onboard, we help businesses build secure and reliable cloud environments through managed cloud hosting, cybersecurity, backup and business continuity solutions.

If your business is starting to use AI tools and wants to strengthen data protection, cloud security or internal IT control, speak to our team today.

References:

Frequently Asked Questions

  1. 1. What is Claude Code?

    Claude Code is an AI coding assistant from Anthropic. It is designed to help developers write, review and troubleshoot code.

  2. 2. Why did Alibaba reportedly ban Claude Code?

    Reuters reported that Alibaba banned employees from using Claude Code at work after concerns around features that could help identify China-linked users, as well as a wider dispute between Alibaba and Anthropic.

  3. 3. Should businesses ban AI tools?

    Not necessarily. AI tools can improve productivity. But businesses should decide which tools are approved and what type of data employees are allowed to enter.

  4. 4. What is the biggest AI risk for SMEs?

    One major risk is sensitive data being entered into public or unapproved AI tools. This may include customer data, pricing, internal documents, passwords or source code.

  5. 5. What should a company AI policy include?

    A basic AI policy should state which tools are approved, what data cannot be shared, whether personal accounts can be used, who approves new tools and how staff should handle confidential information.