Anthropic uses a layered system — geoblocking, overseas credit card requirements, live biometric KYC, proxy tracking, and account clustering analysis — to block unauthorized Chinese access to Claude. Chinese companies and gray market operators have responded with workarounds including reimbursement schemes (ByteDanc...

Create a landscape editorial hero image for this Studio Global article: Search & fact-check with cited sources for What methods has Anthropic used to crack down on Chinese workarounds to Claude, including the wor. Article summary: Here is a comprehensive, source-by-source account of Anthropic's crackdown on Chinese workarounds to Claude.. Topic tags: general, news, general web, user generated. Style: premium digital editorial illustration, source-backed research mood, clean composition, high detail, modern web publication hero. Use reference image context only for broad subject, composition, and topical grounding; do not copy the exact image. Avoid: logos, brand marks, copyrighted characters, real person likenesses, fake screenshots, UI text, readable text, watermarks, charts with fake numbers, clickbait thumbnails, icons, and tiny thumbnail layouts. Make it useful as an illustrative vis
Since September 2025, Anthropic has pursued a multi-layered enforcement campaign to prevent Chinese companies and users from accessing its Claude AI models. The company is the only major U.S. frontier AI lab to voluntarily ban sales to PRC-controlled entities — a policy confirmed directly by CEO Dario Amodei — and it has combined technical barriers, account monitoring, and public accusations in an escalating confrontation with Chinese AI labs and gray-market operators . Here is a source-by-source account of the methods, workarounds, and tensions.
In September 2025, Anthropic announced it would halt sales of AI services to any company majority-owned by Chinese interests, expanding existing restrictions on "authoritarian" regimes . The company said the move was intended to prevent a U.S. adversary from advancing in AI and threatening national security
. Anthropic has publicly stated that it is "the only frontier AI company to restrict the selling of AI services to PRC-controlled companies," explicitly forgoing significant short-term revenue to do so
. This was not a U.S. government requirement — it was a voluntary corporate policy that went further than any competitor
.
Anthropic uses a layered technical enforcement system:
The Financial Times reported in July 2026 that Ant Group (an affiliate of Alibaba) has been accessing Anthropic's tools such as Claude Code through unauthorized workarounds — including providing employees with corporate Claude accounts linked to its Singapore-based entity .
ByteDance implemented an internal reimbursement scheme that allowed engineers to use personal accounts to access Claude via VPNs, then get reimbursed by the company, bypassing corporate-level restrictions .
A thriving gray market has emerged in China where operators run "transfer stations" — intermediary services that buy Claude API tokens or Max accounts from outside China and redistribute access domestically . Typical scheme: buy one Max 20x account for $200, use Claude Code OAuth tokens to expose it as "unlimited API," then sell access to 10–20 clients at $30–50/month, generating $300–1,000 per account
. These stations are marketed openly on GitHub, Taobao, and Telegram, accept RMB payments, and resell access at roughly 10% of the official price
.
Some Chinese proxy services engage in "model substitution," silently routing queries to cheaper or older Claude models while charging for premium ones, and harvesting prompts as a secondary revenue stream .
On February 23, 2026, Anthropic publicly accused three Chinese AI labs — DeepSeek, Moonshot AI, and MiniMax — of conducting large-scale "distillation" attacks . The companies allegedly created approximately 24,000 fraudulent accounts, generated over 16 million exchanges with Claude, used "hydra cluster architectures" to disguise the activity, and extracted model reasoning and tool-use capabilities to train their own competing AI models
. The Guardian described this as "large-scale intellectual property theft"
. OpenAI had made similar allegations against Chinese firms the previous month
.
On June 24, 2026, Anthropic accused Alibaba Group of waging a "large-scale effort to illicitly access Claude using thousands of fraudulent accounts" . Alibaba subsequently announced that starting July 10, 2026, it would prohibit employees from using Anthropic's Claude Code in the office environment
. Alibaba also alleged that Anthropic had "embedded a backdoor into Claude Code" — though this claim is unsubstantiated and comes via a third-party report
.
As of July 3, 2026, Anthropic is moving to plug the remaining loopholes that allow unauthorized Chinese access, according to the Financial Times . The company is tightening KYC checks, enhancing proxy detection, and likely revoking accounts tied to known "transfer station" operations. The crackdown follows months of escalating cat-and-mouse dynamics: each time Anthropic adds a new barrier — geoblocking, then credit card requirements, then biometric verification — Chinese gray-market operators find a new workaround
.
Studio Global AI
Use this topic as a starting point for a fresh source-backed answer, then compare citations before you share it.
Anthropic uses a layered system — geoblocking, overseas credit card requirements, live biometric KYC, proxy tracking, and account clustering analysis — to block unauthorized Chinese access to Claude.
Anthropic uses a layered system — geoblocking, overseas credit card requirements, live biometric KYC, proxy tracking, and account clustering analysis — to block unauthorized Chinese access to Claude. Chinese companies and gray market operators have responded with workarounds including reimbursement schemes (ByteDance), overseas subsidiaries (Ant Group), and 'transfer stations' that resell Claude API tokens at 10%...
Anthropic has publicly accused DeepSeek, Moonshot AI, MiniMax, and Alibaba of large scale distillation attacks using over 24,000 fraudulent accounts and 16 million exchanges, and remains the only U.S.