Skip to main content
Didit Raises $2M and Joins Y Combinator (W26)
Didit
Back to blog
Blog · April 16, 2026

Anthropic Now Asks for Your Passport: Inside Claude's New KYC Requirement

Anthropic quietly rolled out identity verification on Claude in April 2026, requiring passports and live selfies through Persona. Here is what changed, why it happened, and what it signals about the future of AI model access.

By DiditUpdated
cover-anthropic-kyc.png

On April 15, 2026, Anthropic quietly published a new support article titled "Identity verification on Claude." No blog post. No announcement. Just a help center page explaining that some users would now be asked to hand over a government-issued photo ID and take a live selfie to keep using Claude.

Within hours, screenshots hit X. The reaction split cleanly into two camps: privacy advocates who saw it as surveillance creep, and AI safety researchers who had been arguing for exactly this move for more than a year. Both sides are partly right. What is more interesting is what the rollout reveals about where frontier AI is heading.

What Anthropic Actually Shipped

The mechanics are straightforward. Select Claude users — not all, not yet — are prompted to verify their identity before accessing certain features. The flow runs through Persona Identities, a San Francisco-based identity verification platform.

Users are asked to provide:

  • An original, physical, government-issued photo ID (passport, driver's license, or national ID card)
  • A live selfie captured on camera

Photocopies, digital IDs stored in mobile wallets, and temporary paper IDs are all rejected. The process takes a few minutes.

Anthropic is explicit about the data handling. ID images and selfies are collected and held by Persona, not by Anthropic. Data is encrypted in transit and at rest. It is not used for model training. Persona is contractually limited to verification and fraud prevention purposes, and Anthropic accesses verification records only when needed.

The stated purpose in the help article: "to prevent abuse, enforce our usage policies, and comply with legal obligations."

Why Now

The timing is not random. In February 2026, Anthropic published one of the most consequential pieces of AI security research of the year: Detecting and preventing distillation attacks.

The findings were extraordinary. Three Chinese AI labs — DeepSeek, Moonshot AI, and MiniMax — had collectively run over 16 million exchanges with Claude across approximately 24,000 fraudulent accounts. The purpose was model distillation: using Claude's outputs as training data for cheaper, weaker models.

The breakdown by lab:

  • MiniMax: over 13 million exchanges, focused on agentic coding and tool orchestration
  • Moonshot AI: over 3.4 million exchanges, targeting agentic reasoning, coding, and computer vision
  • DeepSeek: over 150,000 exchanges, extracting reasoning capabilities and generating "censorship-safe alternatives to politically sensitive queries"

These were not casual users testing the API. They were industrial-scale extraction operations using "hydra cluster" architectures — sprawling networks of fake accounts distributed across multiple APIs and cloud providers to evade per-account rate limits and anomaly detection. One proxy network alone was managing more than 20,000 fraudulent accounts simultaneously, mixing distillation requests with legitimate traffic to stay invisible.

Anthropic's response came in layers. First, classifiers and behavioral fingerprinting to detect distillation patterns inside live API traffic. Second, intelligence sharing with other labs, cloud providers, and authorities. Third — and this is the part that directly produced the Persona rollout — "tightening verification for educational, research, and startup accounts often used to create fraudulent access."

That tightening is now reaching end users.

The Three Real Reasons for KYC on Claude

Anthropic's public language cites "safety and compliance." That is true but incomplete. There are three distinct problems Claude KYC is designed to solve.

1. Distillation and IP Theft

Frontier models cost hundreds of millions of dollars to train. The capability gap between a frontier model and a distilled copy is, for many tasks, small. If anyone with a credit card can spin up a fake account and pull millions of high-quality reasoning traces, the economics of training frontier models collapses.

KYC does not fully stop distillation. A determined adversary can still recruit mules, buy verified accounts on gray markets, or route through legitimate customers. But it raises the cost per fraudulent account from roughly zero to something measurable, and it makes account networks traceable after the fact. That shifts the attack economics significantly.

2. Safety and Catastrophic Misuse

Anthropic's Responsible Scaling Policy commits the company to progressively stronger access controls as models approach capability thresholds that could meaningfully uplift biological, chemical, nuclear, or cyber threats. For AI Safety Level 3 (ASL-3) capabilities, "know-your-customer" controls are not a nice-to-have — they are part of the stated deployment commitment.

Identity verification is the floor of any KYC program. Without it, every downstream control — usage limits, customer due diligence, sanctions screening, suspicious activity monitoring — is built on sand. Anthropic has been signaling this direction since 2024. The Persona rollout is simply the operational step.

3. Regulatory Pressure

The EU AI Act is in force. The UK AI Safety Institute has formal testing agreements with frontier labs. The US executive order on AI requires reporting for models trained above specific compute thresholds. More importantly, general-purpose AI providers are increasingly being pushed into the same compliance category as financial institutions: they are infrastructure, and infrastructure providers have to know who their customers are.

Anthropic is not waiting for an explicit mandate. It is building the compliance posture it expects to need in 12 to 24 months.

The Backlash, and Why It Is Partially Misguided

The immediate reaction online was unfriendly. Commentary on Decrypt framed it as "you switched to Claude over surveillance fears. Now it wants your passport." The concern is legitimate — an AI chat is more intimate than most internet services, and the idea of tying conversations to a verified government ID is uncomfortable.

But the specific objections deserve scrutiny.

  • "My ID gets fed into training data." This is explicitly contradicted by Anthropic's policy. IDs and selfies sit with Persona, not Anthropic, and are contractually excluded from model training.
  • "Anthropic will store my biometric face forever." Persona's retention is governed by Anthropic's contractual instructions and the regulatory frameworks Persona operates under (SOC 2 Type II, ISO 27001, and GDPR).
  • "Why do I need to prove I am a human to an AI company?" Because the AI company is legally responsible for preventing the model from being used for weapons proliferation, child sexual abuse material, sanctioned-entity workflows, and industrial IP theft. None of those controls work without identity.

The real, unaddressed concern is scope creep. Today it is "certain users, certain features." Tomorrow it could be every user. Anthropic has not committed to a scope ceiling, and the help article is deliberately vague about triggers. This is a legitimate transparency gap, and it is where civil society pressure should focus.

What This Means for Other Frontier Labs

Anthropic is not alone, but it moved first on end-user KYC. OpenAI already requires organization verification for access to certain models and features. Google DeepMind has tightened Gemini API verification for advanced tiers. Meta's Llama license has always excluded certain entities, though enforcement is uneven.

The direction is uniform. Frontier model access is becoming a regulated-industry activity, with the same "know your customer, monitor your customer, report your customer" lifecycle that banks, brokers, and crypto exchanges already live with.

Expect the following within 18 months:

  1. Universal ID verification for paid API tiers across every major frontier lab
  2. Enhanced due diligence — source of funds, intended use, beneficial ownership — for enterprise and bulk-inference customers
  3. Sanctions and export-control screening wired into account creation and ongoing monitoring
  4. Suspicious activity reporting equivalents — behavioral fingerprints and distillation indicators shared across labs, cloud providers, and governments
  5. Periodic re-verification at renewal or volume thresholds

This is the compliance stack that financial services built over four decades, compressed into an 18-month rollout.

How Didit Thinks About This

At Didit, we have been building identity verification infrastructure for exactly this moment. We serve crypto exchanges, fintechs, marketplaces, and increasingly AI platforms — and the pattern is the same across all of them. A product reaches scale, attracts abuse, and suddenly needs to prove who its users are without destroying the signup flow.

A few observations from the other side of the KYC conversation:

  • Friction kills conversion, but unverified abuse kills the product. The right answer is risk-based verification — not every user at signup, but targeted triggers like feature unlocks, volume thresholds, or anomaly signals. Anthropic's current rollout looks exactly like this.
  • Identity data is a liability if you hold it, an asset if you partner. Anthropic chose Persona. That is the right shape. The core product company stays out of the biometric-custody business.
  • KYC is the floor, not the ceiling. Behavioral monitoring, device intelligence, and network-level detection do most of the day-to-day work. Identity verification gives you something to tie those signals to.
  • Transparency is the competitive advantage. Users accept verification if the reason is clear and the data handling is spelled out. Anthropic's help article is decent on this front and will get better under pressure.

The Bigger Picture

Claude asking for your passport feels jarring because we are used to AI as a frictionless, anonymous tool. That era is ending. Frontier models are economically and strategically valuable enough that the access layer around them will look more like a regulated financial product than like a search engine.

You can argue about whether this is good. What is not in question is that it is happening, and Anthropic just fired the starting gun.

If you are a founder building on LLM APIs, three practical takeaways:

  1. Assume verified access becomes the default. Build your product on the assumption that your users will need verified identities upstream, and your own KYC posture will need to match.
  2. Pick your provider with an eye on data handling. If your AI layer hands off identity to a third party, that third party is now part of your regulatory surface area. Ask the hard questions.
  3. Build with risk-based verification. Not every user, not every session — but enough friction at the right moments to deter the 24,000-account attack pattern Anthropic just documented.

The shape of AI access in 2027 was previewed in a support article nobody read. Pay attention to that one.

---

Didit provides identity verification infrastructure for AI platforms, fintechs, crypto exchanges, and marketplaces. Core KYC at $0.30 per verification, no minimums, 220+ countries supported. Start for free.

are you ready for free kyc.png

Infrastructure for identity and fraud.

One API for KYC, KYB, Transaction Monitoring, and Wallet Screening. Integrate in 5 minutes.

Start freeTalk to us
Ask an AI to summarise this page
Anthropic KYC for Claude: Passport + Selfie Required