Anthropic is moving to shut the loopholes that let Chinese companies use its Claude models despite a ban on serving China-controlled entities, the Financial Times reported on July 3, 2026. The workarounds — overseas subsidiaries, VPNs and gray-market relay services — violate Anthropic's terms of service, though reportedly not US or Chinese law.
How the workarounds worked
According to the FT, Ant Group gave staff corporate Claude accounts tied to a Singapore-based subsidiary, while ByteDance reimbursed engineers for personal subscriptions reached through VPNs. Coverage also describes "transfer stations" — sites inside China that relay prompts to Claude through overseas accounts or API keys, reselling tokens at an estimated 5-10% of official prices — and foreign-incorporated units running on cloud infrastructure such as Microsoft Azure. Ant and ByteDance both declined to comment.
What Anthropic is doing
The company is enforcing a rule it announced in September 2025 barring entities "more than 50% owned, directly or indirectly, by companies headquartered in unsupported regions" such as China, and is stepping up detection using signals like user time zones and usage patterns. Since around April 2026 it has required identity verification — government IDs and live selfies — for flagged users. Anthropic argues that companies under Chinese jurisdiction can be legally compelled to share data or cooperate with intelligence services; CEO Dario Amodei said in February that the firm had forgone "several hundred million dollars" in revenue by refusing CCP-linked customers.
Part of a bigger fight
The crackdown follows a June 10, 2026 letter to US senators in which Anthropic described what it called the "largest known distillation attack" on Claude — roughly 25,000 fraudulent accounts generating about 28.8 million interactions between April 22 and June 5 — and linked the operatives to Alibaba's Qwen lab, without directly accusing the company. Senators Bill Hagerty and Andy Kim are drafting an amendment to defense legislation to sanction Chinese firms that improperly access US AI output.
The trust tension
The enforcement push landed alongside a backlash over reports that Claude Code had contained hidden China-detection code — checking system time zones and hostnames against a list of known Chinese AI labs — which Anthropic reportedly said it would roll back. Analysts note that aggressive geofencing and detection risk eroding the developer trust that has driven Claude's global adoption, an uncomfortable trade-off as the company tries to police who uses its most capable models.
