Introduction
Anthropic is reportedly preparing a much stricter cleanup of unauthorized access paths to Claude. The original report focuses on one core issue: users and companies in unsupported or restricted regions have continued to reach Claude through indirect routes, and Anthropic now appears ready to close many of those routes more aggressively.
This is not just about ordinary account bans. The discussion now includes overseas subsidiaries, enterprise accounts, cloud provider access, API relay services, and even Claude Code behavior that some developers say was used to detect suspicious access patterns.

Source Note
This article is based on the BAAI Hub repost of a Xinyu article, which cites a Financial Times report and several social media screenshots. The original source link is: BAAI Hub article.
Images that were directly related to the topic, such as report screenshots, social media screenshots, and code-related screenshots, have been kept in context. Decorative logos, QR codes, recruitment posters, business contact images, and engagement banners were intentionally omitted.
The Report That Sparked the Discussion
According to the original article, the Financial Times reported that Anthropic is moving to close loopholes that allow users in restricted regions to access Claude. The report quickly spread across AI communities because it touches several practical access routes that many teams may have relied on.

The concern is not limited to one type of workaround. The article mentions special access channels, API relay services, foreign-registered subsidiaries, and cloud-provider-based access paths. In other words, Anthropic is not only looking at where an account is registered. It is also looking at who ultimately controls the user, where the actual user is located, and whether the access route is being used to bypass unsupported-region restrictions.

2026’s “Absolute Block” Policy
The original article describes the July 2026 move as an “absolute block” against unauthorized access. The central point is simple: Anthropic does not want Claude to be accessed from unsupported regions, and it also does not want companies controlled from those regions to access Claude through foreign entities.

Two restrictions are especially important:
- Users should not access Claude from unsupported regions, and others should not help them do so.
- Companies controlled from unsupported regions may still be restricted, even if a subsidiary is registered outside that region.
This matches Anthropic’s public position from September 2025, when it said it was strengthening sales restrictions for companies or organizations controlled by jurisdictions where its products are not permitted. In that update, Anthropic also said the rule covered entities more than 50% owned, directly or indirectly, by companies headquartered in unsupported regions.

To enforce these restrictions, the article says Anthropic may rely on more than ordinary account checks. It mentions payment method screening, suspicious IP detection, and system-level signals such as a user’s operating system timezone. The point is not only to identify where the account was created, but also to infer where the real user may be operating from.
Anthropic has also said it will continue updating detection systems with partners to identify and restrict accounts that appear to violate its terms.
All These Routes Are Now Under Pressure
The original article lists several access paths that are reportedly being targeted. These routes differ in structure, but they share the same basic idea: they try to make access look as if it comes from an allowed region, even when the actual user or controlling organization may be somewhere else.
| Access Route | How It Works | Why It Is Being Targeted |
|---|---|---|
| Personal overseas accounts | Employees register personal accounts outside the restricted region, sometimes with company reimbursement. | It can hide the true organizational user behind an individual account. |
| Overseas subsidiaries | A company buys Claude through a subsidiary in an allowed region, then routes access internally. | Anthropic’s restrictions may apply based on control or ownership, not only registration location. |
| Cloud provider paths | A company uses Claude through a cloud service such as Microsoft Foundry or Azure-related access. | The user may appear to be using a cloud service while the final user sits elsewhere. |
| API relay services | Third-party relay stations forward Claude API requests. | These can obscure the real origin and user of the request. |
- Personal Overseas Accounts Paid by Companies
The first route is fairly simple. An employee registers an overseas Claude account in their own name, then the company reimburses the cost or gives informal financial support.
This may look like personal use from the outside, but the real purpose can be business use. If a company is located in or controlled from an unsupported region, that creates a clear compliance problem under Anthropic’s stated restrictions.
- Overseas Subsidiaries and Enterprise Claude Accounts
The second route is more structured. A global company may have a legitimate overseas subsidiary in a supported region, such as Singapore. That subsidiary could purchase Claude access and then provide internal access to engineers in another region through a company network.
In the original article’s example, engineers connect to the company intranet and use Claude from inside that enterprise environment. From a technical routing perspective, the access may pass through the overseas subsidiary. From a policy perspective, however, Anthropic may still treat this as restricted access if the ultimate user or controlling entity falls under its unsupported-region rules.
This is why the new restrictions matter. If foreign registration alone is no longer enough, then overseas subsidiaries can no longer serve as a safe workaround.
- Microsoft Azure and Cloud Access Paths
The third route involves cloud platforms. The original article points to Microsoft Azure and related cloud access as a possible path for companies that want to call Claude models through cloud infrastructure.
Microsoft is best known as OpenAI’s major partner, but Microsoft Foundry has also offered access to Anthropic Claude models. If a company buys access through a supported-region cloud account, requests could be routed through that cloud environment and then returned to users inside the company.
The article argues that this type of path may also be affected if Anthropic applies restrictions based on ownership, control, and actual usage rather than only cloud account location.

This does not mean every Microsoft Foundry or Azure Claude deployment is problematic. It means companies should review Anthropic’s terms, Microsoft’s regional requirements, and their own billing and user-location setup before assuming that cloud access is automatically compliant.
- API Relay Services
The fourth route is API relay access. These services usually place a relay server between the user and the model provider. The user sends a request to the relay service, and the relay service forwards it to Claude or another model provider.
In 2026, the article says Anthropic has placed API relay stations among its key enforcement targets. The reason is obvious: relays can make it harder to identify the real user, the real organization, and the real request origin.

The article also notes that large AI companies are less likely to depend on informal relay stations. For them, the risk is too high. Source code, product roadmaps, private algorithms, and internal data could all be exposed to an unknown intermediary.
For smaller teams, relay services may look convenient. But from a security and compliance perspective, they can create serious risk.
From Timezone Checks to Hidden Code: Why Trust Became the Real Issue
幾分鐘搭建展示站並增長獲客
輸入一句想法,We0 AI 即可生成展示站、頁面與 CMS。發佈上線後並幫你獲取客戶和流量。
The most controversial part of the article is not only the access restriction itself. It is the claim that Claude Code included detection logic that could use local environment signals to identify suspicious usage.
According to the original article, security researcher Adnane Khan found that Claude Code, starting from version 2.1.91, contained hidden detection logic related to custom API forwarding addresses and user environment information.
When a user configured a custom API forwarding address, the program reportedly checked the operating system timezone and looked for signals linked to specific regions. The article says this created concern because the detection was not obvious to ordinary users.

The article also describes a strange prompt-level behavior. When Claude Code sent requests to the server, the system prompt could include a date string such as “Today’s date is 2026-06-30.” If the environment matched certain signals, the date separator could reportedly change from a hyphen to a slash, and the apostrophe in “Today’s” could be replaced with visually similar Unicode characters.

The visible change looked small:
2026-06-30
could become:
2026/06/30

To users, this may seem like a tiny formatting detail. To a detection system, however, it could work as a hidden signal. That is why the reaction was so strong. Developers were not only upset about regional restrictions; they were worried that a coding tool they trusted might quietly modify prompt content based on environment checks.
According to the screenshot in the original article, a person named Thariq said the behavior was part of an experiment launched in March to prevent account abuse from unauthorized resellers and protect against distillation. The same response said stronger mitigations had landed since then and that the experimental behavior was expected to be rolled back in a later release.
Account Bans, Refund Disputes, and Internal Company Responses
The original article says that from late June to early July, many users in affected regions reported Claude account bans without advance notice. These reports included both individual subscriptions and team accounts.
A major complaint was refund handling. The article claims that accounts paid through the official website and then judged to be in violation were generally not refunded, and that successful appeals were difficult.
The article also says Alibaba had internally announced a reverse ban on Claude products, requiring employees to uninstall Anthropic-related tools including Claude models and Claude Code, with the ban taking effect on July
10. This part should be treated as a developing corporate-policy story unless confirmed through official company channels or reliable reporting.
What This Means for Chinese AI Models
The final question raised by the article is whether domestic models such as GLM, DeepSeek, Qwen, and Step may gain more room to grow.
The logic is straightforward. If overseas access to Claude becomes harder, more companies may shift development workflows to models that are locally available, easier to deploy, or more predictable from a compliance standpoint. For coding, knowledge work, agent workflows, and enterprise integration, availability can matter almost as much as raw benchmark performance.
This does not mean every team will immediately abandon Claude. Claude remains a strong model family, especially for coding and agentic workflows. But if access becomes unstable or policy risk becomes too high, teams will naturally evaluate alternatives.
FAQ
What is Anthropic reportedly trying to block?
Anthropic is reportedly trying to block indirect access to Claude from unsupported or restricted regions. The routes mentioned in the original article include overseas accounts, foreign subsidiaries, cloud-provider access, and API relay services.
Does registering a company overseas make Claude access compliant?
Not necessarily. Anthropic’s public restriction update says ownership and control can matter, not only where a subsidiary is registered. A company should review Anthropic’s current terms and supported-region rules before relying on a foreign entity structure.
Can Claude be accessed through Microsoft Foundry or Azure?
Anthropic provides documentation for using Claude in Microsoft Foundry, and Microsoft also documents partner model availability. However, cloud access still depends on supported regions, billing rules, and Anthropic’s terms. A valid cloud deployment should not be treated as a workaround for unsupported-region access.
What is an API relay service?
An API relay service forwards requests from users to a model provider such as Anthropic. It can make access more convenient, but it can also obscure the real requester and introduce privacy, compliance, and data-leak risks.
Why are developers concerned about Claude Code timezone checks?
Developers are concerned because the reported behavior involved checking local environment signals and possibly modifying prompt text in subtle ways. Even if the purpose was anti-abuse enforcement, hidden behavior inside a coding tool can damage trust.
Are relay services safe for company code or private data?
They are risky unless the operator is fully trusted and contractually accountable. A relay can see or process sensitive requests, which may include source code, business plans, customer data, or internal prompts.
Will this create opportunities for Qwen, DeepSeek, GLM, and other models?
It may. If Claude access becomes less predictable for some teams, locally available or regionally compliant alternatives become more attractive. That said, teams should evaluate models based on capability, privacy, deployment options, cost, and legal compliance.
Related Tools
- Anthropic Claude: Anthropic’s official Claude model family for chat, coding, reasoning, and enterprise workflows.
- Claude Code: Anthropic’s agentic coding system for working across codebases from a terminal or development workflow.
- Claude API Documentation: Official developer documentation for building applications with Claude.
- Microsoft Foundry: Microsoft’s AI platform for deploying and using foundation models, including partner models.
- Qwen: Alibaba’s Qwen model platform and assistant experience.
- DeepSeek API: Official DeepSeek API documentation for developers.
- Zhipu AI BigModel: Zhipu AI’s official platform for GLM-family models and related APIs.
Related Links
- Original BAAI Hub Article: The source article used for this adapted English version.
- Financial Times Report: The report cited by the original article about Anthropic closing Claude access loopholes.
- Anthropic: Updating Restrictions of Sales to Unsupported Regions: Anthropic’s official policy update on unsupported-region sales restrictions.
- Anthropic Supported Regions: Official list of countries, regions, and territories supported for Claude API access.
- Claude Code GitHub Repository: Official GitHub repository for Claude Code information and setup guidance.
- Claude in Microsoft Foundry: Anthropic’s official guide for accessing Claude models through Microsoft Foundry.
- Microsoft Foundry Partner Models: Microsoft’s official documentation for partner and community models in Foundry.
Summary
This article explains the key points behind the reported Anthropic crackdown on indirect Claude access. The affected routes include personal overseas accounts, overseas subsidiaries, Microsoft Foundry or Azure-style access paths, and third-party API relay services.
The most sensitive issue is trust. Regional restrictions are one thing, but hidden environment checks or prompt-level signals inside a developer tool can make teams question what their tools are doing in the background.
For companies and developers, the practical takeaway is clear: review supported regions, avoid informal relay channels for sensitive work, and evaluate model providers not only by capability but also by access stability, data handling, and compliance risk.
Claude may remain powerful, but predictable and compliant access is now part of the model-selection decision.



