Anthropic Tightens Access Controls to Prevent Chinese Entities from Using Claude

iconCryptoBriefing
Share
AI summary iconSummary

Anthropic is rolling out a stricter enforcement regime designed to stop Chinese entities from accessing its Claude models, whether through direct API abuse or the kind of elaborate workarounds that its existing rules technically didn’t cover.

The proximate cause is hard to ignore. According to a letter Anthropic sent to U.S. senators on June 10, 2026, operatives linked to Alibaba’s Qwen AI lab executed what the company described as the largest known distillation attack it has ever identified. Between April 22 and June 5, 2026, roughly 25,000 fraudulent accounts generated more than 28.8 million interactions with Claude. The goal: systematically extract Claude’s capabilities to train a competing model without paying for the research that produced them.

What a distillation attack actually is

Distillation means feeding a powerful model enormous volumes of questions and logging its answers, then using that data to train a cheaper model that mimics the original’s behavior.

Advertisement

In its June letter to senators, Anthropic called for two things: better information sharing between U.S. AI companies when distillation attacks are detected, and significantly harsher penalties for anyone caught running one.

The policy evolution

Anthropic’s September 2025 Terms of Service already prohibited commercial access to Claude by Chinese entities or by companies indirectly controlled by them. The new measures extend the restriction to majority-owned subsidiaries of restricted entities, closing the corporate structure loophole that let some users maintain plausible deniability.

In April 2026, Anthropic also began rolling out identity verification for flagged users, requiring government-issued IDs and live selfies before granting or restoring access.

By early July 2026, Anthropic had walked back at least some of its covert detection measures after users pushed back. The company hasn’t disclosed exactly which methods it rolled back.

Why this matters beyond Anthropic

Anthropic has not publicly accused Alibaba of directing the attack, only that the accounts were linked to operatives associated with the Qwen lab. That’s a meaningful distinction, and one that matters if this eventually becomes a legal or regulatory matter.

What investors and developers should watch

Anthropic’s letter to senators suggests the company is actively lobbying for a legal framework that would give U.S. AI labs stronger recourse when distillation attacks are detected.

Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information. Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.