SAT, JULY 04, 2026
Independent · In‑Depth · Practitioner‑Tested
✎ General

Anthropic Is Closing the Loopholes Letting Chinese Firms Access Claude — Engineers Are Still Finding New Ones

FT: Anthropic is closing loopholes used by Chinese firms including Ant Group to access Claude via 'transfer station' relay services and cloud workarounds. Engineers still finding new routes. Part of Anthropic's formal US government commitments from Fable 5 negotiations — directly tied to preventing distillation attacks like the 28.8M Qwen exchanges Anthropic accused Alibaba of.

By AIToolsRecap July 3, 2026 5 min read 23 views
Home Articles General Anthropic Moves to Close Loopholes Letting Chin...
Anthropic Is Closing the Loopholes Letting Chinese Firms Access Claude — Engineers Are Still Finding New Ones

WHAT ANTHROPIC IS DOING AND WHY

The loopholes: Chinese firms accessing Claude via cloud providers, overseas subsidiaries, and "transfer station" relay services that obscure request origin
Named firm: Ant Group (Alibaba's fintech arm) — one of the companies using workarounds, per FT
Anthropic's action: Targeting "transfer station" services — relay services that forward requests from Chinese users to Claude while hiding the origin
Current state: Engineers at Chinese firms are still finding new workarounds as fast as Anthropic closes old ones
Why now: Part of the formal commitments Anthropic made to the US government during Fable 5 ban negotiations — monitoring for malicious use, closing access loopholes
Context: Anthropic already accused Alibaba's Qwen lab of 28.8M fraudulent Claude distillation exchanges in a Senate Banking Committee letter

The Loopholes Being Closed

The Financial Times reported that Anthropic is targeting several categories of workaround that have allowed Chinese firms to access Claude models despite restrictions. The primary mechanism is "transfer station" services — relay services that accept API requests from Chinese users, forward them to Claude's API, and return the responses, while obscuring the true origin of the request in the API logs. These services effectively act as anonymous proxies for Claude access.

A second category involves cloud providers: Chinese firms routing Claude API requests through US or European subsidiaries, or through cloud platforms that are technically compliant customers of Anthropic but then sub-route those requests to Chinese end users. A third involves overseas subsidiaries of Chinese companies that are formally incorporated in jurisdictions where Claude access is permitted but whose actual end users are in China.

The enforcement challenge is significant. Anthropic's API access controls work on the principle of verified customer identity — the company doing the signing up. Once a compliant customer is established, detecting that the actual end users of that customer's Claude integration are in restricted jurisdictions requires much deeper traffic analysis. Engineers at Chinese firms are reportedly finding new workarounds as quickly as Anthropic closes existing ones.

Why This Matters — The Distillation Risk

The concern is not purely about access to Claude for everyday use. The deeper risk is distillation — using Claude's outputs as training data for competing Chinese models. Anthropic's letter to the Senate Banking Committee dated June 10, 2026 documented 28.8 million fraudulent API exchanges traced to Alibaba's Qwen lab, which Anthropic believes were used to distillation-train Qwen models on Claude's reasoning patterns. At the scale of 28.8 million exchanges, this represents a systematic capability transfer — not casual access.

Closing the loopholes that allow unrestricted Chinese firm access to Claude is therefore not just about compliance with US export control commitments. It is about protecting the training signal that Anthropic has invested billions to develop. Every Claude output used as training data for Qwen without Anthropic's authorisation reduces the competitive moat that justifies Anthropic's $965B IPO valuation. The enforcement effort and the IPO preparation are the same business objective.

The Commitments Anthropic Made to the Government

When Fable 5 was restored on July 1, Anthropic had made formal commitments to the US government including: proactively hunting for jailbreaks and security problems; reporting any malicious use spotted in production; standing up a 24/7 team to monitor jailbreak reports; opening a HackerOne bug bounty program for Fable 5 jailbreak submissions; and giving the government earlier access to test future frontier models before public release. Closing Chinese access loopholes is the operational implementation of the malicious use monitoring commitment. If Anthropic allows Chinese firms to circumvent access controls, it undermines the trust relationship with the government that enabled the Fable 5 restoration.

Source: Financial Times, July 2-3, 2026 · Related: June 27: Anthropic accuses Alibaba of 28.8M Claude distillation attacks → · Fable 5 ban: the full behind-the-scenes story →

Tags
AI NewsAnthropicGenerative AI2026

Spot an inaccuracy?

We verify facts before publishing and correct errors promptly. If something in this article is wrong or outdated, let us know.

Report an error →