Anthropic Tightens Claude Access Controls to Stop Chinese Firms Using Offshore Workarounds
Summary: Anthropic is ramping up technical enforcement against Chinese entities that have circumvented its access restrictions by routing Claude usage through foreign subsidiaries, cloud intermediaries, and VPNs—practices that violate Anthropic's terms of service even where no U.S. law is technically broken.
Key Points
- Ant Financial gave employees corporate Claude Code accounts tied to a Singapore subsidiary; ByteDance reimbursed engineers for personal subscriptions purchased via VPN
- "Transfer station" services relayed prompts from China-based users to Claude through overseas servers and API keys, then returned responses—operating at scale with no legal liability under current Chinese or U.S. law
- Anthropic plans to analyze time-zone data, request latency, and routing patterns to flag accounts acting as proxies for China-linked organizations
- Context: Anthropic told U.S. senators on June 10 that Alibaba-linked operatives used roughly 25,000 fake accounts to execute 28.8 million Claude interactions in a large-scale model distillation campaign between April and June 2026
Why It Matters
This enforcement push shows that AI access controls are no longer just policy documents—they're becoming real-time security infrastructure. By detecting proxy behavior at the network layer rather than relying solely on legal agreements, Anthropic is signaling that the frontier-model geopolitical barrier will be enforced technically, not just diplomatically. That raises the cost of workarounds for all actors, including allies operating in ambiguous jurisdictions.