AI

Anthropic is closing the back doors China uses to reach Claude

Ant Financial ran corporate Claude accounts through its Singapore subsidiary. ByteDance reimbursed engineers for VPN'd personal subscriptions. The FT reports Anthropic is now hunting both — a live look at what AI export enforcement actually takes.

N Noah · The Sharp Brief · July 4, 2026 · 3 min read

Banning Chinese companies from Claude has been Anthropic policy since 2025. What the Financial Times documented Friday is how routinely that ban gets routed around — and how hard the company is now swinging back. Per the FT, Ant Financial gave employees corporate Claude accounts registered to its Singapore-based subsidiary. ByteDance reimbursed engineers who bought personal Claude subscriptions and reached them over VPNs. Other Chinese firms tapped Claude — including Claude Code — through foreign-incorporated units running on cloud infrastructure such as Microsoft Azure.

The wrinkle: none of that appears to break US or Chinese law. It breaches Anthropic's terms of service, which bar Chinese companies and any foreign entities they control. That makes this an enforcement problem the company largely has to solve itself, and the FT details the toolkit — monitoring signals like the time zone a user's machine reports, and targeting "transfer station" services that relay Chinese traffic through overseas Claude accounts.

This isn't cheap virtue. Dario Amodei said in February that the company had forgone "several hundred million dollars" in revenue by cutting off firms linked to the Chinese Communist Party. Active detection stacks an engineering bill on top of the walked-away sales. Vendors don't usually spend money to fire paying customers — which tells you how seriously Anthropic takes the risk that systematic, at-scale access becomes training fuel for rival models, the distillation problem it has been flagging to Washington all year.

Chips leaked through Singapore. Model access leaks faster.

The pattern rhymes with chip export controls, which spent years chasing gray-market GPUs through the same third-country channels. But API keys are lighter than pallets of silicon: here, a workaround is a subsidiary registration and an expense report. And the demand side is adapting in the open — as we covered this morning, China just open-sourced the frontier twice in one week, with Meituan claiming zero US hardware in the training loop. Every screw tightened on Claude access strengthens the case Beijing's labs are already acting on: build your own, give it away, make the ban irrelevant. Meanwhile the frontier labs' entanglement with Washington keeps deepening — access policy is turning into industrial policy.

Our take: The control surface of the AI race just moved from silicon to sign-in screens. Chips took years to police and still leaked; model access leaks by default, because the internet was built to ignore borders. The notable part isn't that Chinese firms found workarounds — it's that Anthropic is paying real margin to close them, turning a terms-of-service clause into de facto foreign policy. The unresolved question is whether Washington backstops that policy with law. The moment it does, a Singapore workaround stops being a ToS breach and becomes sanctions evasion — and every company running gray-zone model access anywhere inherits a compliance problem overnight.

What to watch

Advertisement

Get the day, decoded — at 7 PM ET

The Sharp Brief: AI, money, business & performance in five sharp minutes. Free.

Free bonus: subscribe today and The 2026 AI Playbook (PDF) lands with your welcome email.