Anthropic is moving to close the offshore workarounds that allowed Chinese tech firms — including Ant Group, ByteDance, and Alibaba — to access Claude despite an explicit ban. The crackdown, first reported by the Financial Times on July 3, comes as Alibaba responded by banning its employees from using Claude Code altogether, according to Seoul Economic Daily reporting today. When the company you allegedly robbed pre-emptively bans the tool, it is not a protest of innocence.
The backdrop is damning. In a June 10 letter to the Senate Banking Committee, Anthropic accused Alibaba’s Qwen lab of running 28.8 million unauthorized exchanges with Claude through roughly 25,000 fraudulent accounts between April 22 and June 5, 2026 — the largest known AI distillation attack ever disclosed. CEO Dario Amodei told senators the company had already “forgone several hundred million dollars in revenue” by cutting off China-linked firms, only to watch them route around the ban through Singapore subsidiaries, VPN-backed personal accounts, and Microsoft Azure-hosted foreign entities.
How Chinese Firms Were Getting Around the Ban
None of the workarounds broke US or Chinese law — they only violated Anthropic’s terms of service. Ant Group gave staff corporate Claude accounts tied to a Singapore subsidiary. ByteDance reimbursed engineers for personal subscriptions bought through VPN-masked US IP addresses. Other groups spun up foreign-incorporated entities on cloud infrastructure that relayed queries back to teams in China. Anthropic’s new approach: monitor accounts for behavioral signals like time zone mismatches, usage clustering, and query patterns that suggest a “transfer station” routing traffic to restricted users.
Congress Is Turning This Into a Sanctions Bill
Senators Bill Hagerty and Andy Kim have announced plans to introduce a defense-bill amendment that would sanction any Chinese firm found extracting US AI model outputs to train competing models. If it passes, enforcement shifts from terms-of-service violations — a civil matter — to federal sanctions. The Fable 5 export ban earlier this year already signaled Washington’s appetite for treating frontier AI like military hardware. The Alibaba allegations appear to have accelerated the timeline. Alibaba denies any wrongdoing; the 28.8 million figure is Anthropic’s allegation, not a court finding.
Anthropic is closing loopholes that let Chinese firms access Claude via Singapore subsidiaries and VPNs. It follows the company’s Senate testimony that Alibaba’s Qwen lab ran 28.8 million unauthorized Claude sessions through 25,000 fake accounts — the largest known AI distillation attack on record. Alibaba has since banned employee use of Claude Code.
Our Take
The real deterrent here isn’t behavioral monitoring — it’s the sanctions bill. As long as frontier AI remains significantly better than what Chinese labs can build independently, the economic incentive to find workarounds will persist. Monitoring time zones and clustering patterns is a speed bump; federal sanctions with teeth is a wall. For the wider picture on how China-linked operations have targeted US AI infrastructure, and what Anthropic’s valuation says about the stakes, the backstory is worth reading.

