Alibaba banning Claude Code over backdoor risks - what's actually in the requests
Saw the Reuters piece this morning, Alibaba is banning Claude Code across its workplaces over what a source calls "alleged backdoor risks." It's the top China tech story on HN today, 289 points and 251 comments in a few hours. The thing is, "backdoor" is doing a lot of work there, and the timing lines up with something more concrete.
A few days earlier the reallo.dev writeup hit 2428 points on HN: Claude Code was found steganographically marking the requests it sends out. Basically embedding hidden identifiers in prompts so generated content can be traced back to it. Not malware, not exfiltration, but it is the model quietly writing into your files in a way you can't see. That post from last Friday is probably what "backdoor" is gesturing at, even if nobody's naming it directly.
There's also the smaller thread from today, "Claude, please stop trying to memorize random crap," where people noticed agents hoarding session transcripts between runs. None of this is a confirmed data leak. But stacked together it's enough for a large employer to pull the plug, and China-based firms have extra reason to be twitchy about anything that looks like telemetry leaving the building.
The open question I keep turning over: is this a Claude-specific problem, or are we going to find the same watermarking in ZCode, Gemini CLI, and the rest once someone actually looks? Anyone here bothered to grep their generated files for the steganography markers?