Detailed Analysis
Anthropic's introduction of mandatory identity verification for certain Claude AI use cases has catalyzed a measurable expansion of black-market workarounds, particularly among Chinese developers who already operate under an official access ban covering mainland China, Hong Kong, and Macau. The new policy requires users in specific scenarios—such as accessing advanced features, high-tier plans like Claude Max, or undergoing security and compliance reviews—to submit a government-issued photo ID alongside a live selfie, with verification processed through the third-party platform Persona. The system is deliberately strict: copies, screenshots, student IDs, and bank cards are rejected, and only original physical documents qualify. Anthropic maintains that collected data is used solely for identity confirmation and is not shared beyond itself and Persona except under legal compulsion, with images stored on Persona's systems rather than Anthropic's own infrastructure.
The policy has most acutely disrupted China's developer ecosystem, where Claude—and especially Claude Code—had cultivated substantial popularity despite official restrictions, largely through VPN usage and relay platforms such as AICodeMirror, which had amassed over 10,000 users and more than 200 institutional clients. The introduction of KYC-style (Know Your Customer) checks directly undermines these anonymity and location-masking strategies, since presenting a government-issued ID exposes geographic and personal identity information that many Chinese users cannot or will not disclose to a U.S.-based AI company. In response, black-market vendors have moved rapidly to scale workarounds that preserve access without triggering identity requirements, perpetuating a cat-and-mouse dynamic that Anthropic's policy was likely designed to curtail.
Critics from the broader technical community have raised substantive objections to the effectiveness of the ID verification approach. A central argument is that credit card transactions already constitute a form of KYC, meaning legitimate users are largely self-identified through existing payment mechanisms. Furthermore, Anthropic's own telemetry systems are already capable of detecting behavioral misuse patterns, and Claude's built-in refusals provide a real-time content-level safeguard. From this perspective, the ID checks impose meaningful friction on legitimate users—including the risk of a data breach through Persona—without meaningfully deterring bad actors, who are precisely the population most motivated and capable of bypassing verification.
The episode sits at the intersection of several converging pressures in global AI development: escalating US-China technology tensions, the difficulty of enforcing geographic access controls for software services, and growing debates about the tradeoffs between responsible AI deployment and equitable access. Anthropic's verification rollout reflects a broader industry movement toward treating AI model access as a regulated resource rather than an open utility, analogous to how financial platforms have applied KYC frameworks to prevent fraud and sanctions evasion. However, unlike financial systems where such controls have had decades of iteration, AI access controls remain technically immature and jurisdictionally contested, a gap that the scaling black-market response makes starkly visible.
The situation also underscores a structural irony in AI safety governance: the most sophisticated guardrails tend to burden compliant users most heavily while providing determined circumventors with clear targets to reverse-engineer. As Anthropic pursues responsible-use objectives through identity infrastructure, the unintended consequence has been the professionalization and growth of workaround ecosystems. This dynamic will likely intensify as more frontier AI companies impose access controls under US export policy pressure, pushing the question of whether technical enforcement or geopolitical negotiation is the more durable path toward governing who interacts with advanced AI systems.
Read original article →