Anthropic quietly updated its support page this week to introduce mandatory identity verification for certain Claude capabilities. The page, titled "Identity verification on Claude," explains that users may be asked to submit a government-issued photo ID and a live selfie processed by third-party partner Persona Identities. The rollout arrives at an unusually fraught moment: Fable 5, Anthropic's most capable model to date, has been offline since June 12 under a US export control directive, and the company's updated privacy policy now explicitly enumerates biometric data and government IDs among the data it may collect.
The combination has produced a polarised reaction. Privacy advocates warn that connecting an AI company's identity infrastructure to a Peter Thiel-backed vendor is a structural risk regardless of stated data-deletion policies. Industry observers counter that ID gating for high-capability AI access is simply the direction the entire sector is moving. Both camps are right about different things.
What Anthropic's Support Page Actually Says
The official page is straightforward. Anthropic frames verification around three justifications: preventing abuse, enforcing usage policies, and complying with legal obligations. The rollout is described as selective—users will see a verification prompt "when accessing certain capabilities, as part of our routine platform integrity checks, or other safety and compliance measures."
The verification process requires:
- A valid government-issued photo ID — passport, driver's licence, or equivalent — physical document in hand, not a photo of a photo.
- A phone or a computer with a camera — you may be asked to take a live selfie via phone or webcam.
- A few minutes — Anthropic estimates the process takes under five minutes.
The selected partner is Persona Identities, chosen according to Anthropic "based on the strength of their technology, privacy controls, and security safeguards."
On data use, Anthropic's language is unambiguous: "We only use your verification data to confirm who you are and not for any other purposes." What the page does not specify is the retention window before deletion, the data-sharing terms between Anthropic and Persona, or which specific capabilities will trigger a prompt.
The Persona Question
Persona Identities is a well-regarded identity infrastructure company used by fintechs, crypto exchanges, and regulated industries. It is not a fringe vendor. Its technology powers KYC flows for companies in categories where identity verification is legally required. On technical merit, the choice is defensible.
The controversy centres on investor lineage. Peter Thiel, whose political views and intelligence community ties have made him a recurring flashpoint in tech policy debates, is among Persona's backers. For users already uncomfortable with data flowing to AI companies, the addition of a Thiel-affiliated verification layer raises questions about:
- Data isolation: Is Persona's identity graph strictly siloed from its other customers and investors?
- Government requests: Thiel's relationships with US intelligence and national security apparatus lead some critics to ask whether a government subpoena to Persona would indirectly expose Claude users.
- Prompt correlation: If Anthropic shares a session identifier alongside an identity verification event, could that link a real-world identity to a specific conversation thread?
Anthropic has not addressed these questions publicly beyond the support page language. Persona, for its part, publishes standard SOC 2 compliance materials and states that biometric data is deleted after verification — matching Anthropic's claim.
The critics are raising structurally valid questions. The supporters are also right that OpenAI, Google, and other frontier providers have moved toward similar verification requirements for their highest-capability access tiers. The novelty here is not the mechanism — it is the timing.
Fable 5, Mythos, and the Export Control Context
To understand why the timing matters, it helps to know where Anthropic is right now.
Fable 5 launched on June 9, 2026, and was immediately recognised as a generational step in coding and long-horizon research capability. On June 12 — three days later — the US Commerce Department issued an export control directive suspending the model for foreign users, citing national security risks. Fable 5 and its Mythos variant remain offline as of this writing (June 21).
The stated rationale for the ban is not a narrow software vulnerability. The NSA Director reportedly told a Senate Intelligence Committee briefing that Mythos, in a red-team exercise, autonomously breached nearly all of the NSA's classified systems within hours. Senator Mark Warner quoted the briefing publicly on June 11 — one day before the ban — saying: "It would have been irresponsible to not impose export controls on it." Separately, Amazon — Anthropic's largest investor — reportedly flagged a jailbreak of Fable to the Commerce Department, though the precise sequence of events remains disputed.
Against this backdrop, Anthropic's updated privacy policy (effective July 8, 2026) is particularly significant. The policy now explicitly enumerates government-issued ID and biometric data among data categories it may collect. Read alongside the ID verification rollout, analysts see a specific use case: a US-citizens-only restoration path for Fable 5 that could satisfy the export control directive without waiting for a full government-level agreement.
The logic: if Anthropic can demonstrate that only verified US persons are accessing the model's most sensitive capabilities, it potentially satisfies the "foreign access" concern at the heart of the directive — without requiring the government to formally lift it. Whether that theory is correct is unclear; the Commerce Department has not publicly commented on it.
What the Verification Covers (and What It Doesn't)
Anthropic's language is deliberately vague about scope. "Certain capabilities" is not defined. Based on community reports and the structure of the support page, the most likely candidates are:
- Fable 5 access when and if it is restored — the capability with the most obvious national security nexus
- High-compute agentic tasks — long-running autonomous agent workflows that interact with external systems
- API tiers that remove content policy limits — categories where abuse is hardest to reverse
What almost certainly does not require verification: standard Claude.ai chat, API access at current rate limits, Opus 4.8, Sonnet, and Haiku. The verification flow is not a site-wide gate.
For enterprise and API customers, the picture is less clear. Enterprise agreements may handle verification differently, potentially through corporate identity attestation rather than individual ID submission.
The Privacy Risk Framework
Users evaluating whether to complete verification should think through three distinct risk categories:
1. Data-at-rest risk: The ID document and selfie are transmitted to Persona. Even if Persona deletes them post-verification per policy, there is a window of exposure. Any data breach at Persona during that window could expose your government ID details. This is the same risk that exists when verifying identity for a bank, a crypto exchange, or a healthcare portal — not novel, but real.
2. Identity-to-session linkage: If verification creates a persistent linkage between your real identity and your Claude session history, that changes the threat model for sensitive conversations. Professional users — lawyers, journalists, security researchers, therapists using Claude for administrative work — may have legitimate reasons to prefer pseudonymous access. Whether Anthropic creates or maintains such linkage is not stated.
3. Third-party data requests: Any entity holding your verified identity data can receive government requests (subpoenas, national security letters). Both Anthropic and Persona are US entities subject to US legal process. This has always been true for Claude account data. Verification adds biometric data and a higher-confidence identity assertion to the package.
For most users, these risks are comparable to existing identity verification flows at other services. For users with specific threat models — journalists in sensitive reporting situations, security researchers, users in countries with difficult US diplomatic relationships — the calculus is different.
Industry Precedent: Is This Actually Standard?
Supporters of Anthropic's move frequently cite OpenAI. That comparison is accurate in substance. OpenAI requires government ID verification for:
- Certain o-series reasoning model access
- API operator accounts above specific volume thresholds
- Features that interact with payment systems or sensitive data categories
Google has similar verification flows for Gemini Ultra access in regulated enterprise contexts. The direction of travel across frontier AI companies is clearly toward higher identity assurance for higher-capability access. The trend predates the Fable 5 ban by at least a year.
What is somewhat new is biometric verification (the live selfie component) as a consumer-facing requirement. Document-only verification is common; liveness checks are more typically reserved for financial services, age verification for adult content, and similar regulated categories. If Anthropic is moving toward liveness checks for AI access, it is slightly ahead of where the broader AI industry has landed — though not outside the range of what regulated-industry precedent suggests is coming.
What Should Users Do?
If you use Claude for general work and don't access high-capability features: Nothing has changed. You are unlikely to see a verification prompt in the near term.
If you are a developer building on Claude's API: Review Anthropic's updated privacy policy (effective July 8) and assess whether your use case will require verification. If you are building for enterprise customers, determine whether corporate attestation can substitute for individual ID submission.
If you want access to Fable 5 when it returns: Prepare to verify. The export control context makes it virtually certain that restoration will come with identity requirements attached — either via Anthropic directly or via API operator attestation on your behalf.
If you have specific privacy concerns: The verification is selective, not mandatory for all Claude access. Opting out of verification means opting out of the capabilities gated behind it — which, for now, primarily means Fable 5 and any future capabilities in the same tier.
The Bigger Picture
Anthropic's verification rollout is a signpost for where AI access is heading: capability and identity assurance are converging. The most powerful models will not be freely accessible to anonymous users. This is partly driven by government pressure, partly by genuine safety considerations, and partly by the commercial incentive to create premium access tiers that are defensible to regulators.
For users who came to Claude precisely because it felt like a capable AI without the surveillance overhead of consumer tech platforms, this shift is disorienting. For regulators and national security officials who have watched Mythos demonstrate autonomous offensive cyber capability in a classified exercise, some form of access gating seems, at minimum, understandable.
The Persona choice remains the most legitimate unresolved question. Anthropic's rationale — "strength of technology, privacy controls, and security safeguards" — describes the vendor accurately on technical terms. Whether the investor network attached to that vendor belongs in the threat model for an AI company's identity infrastructure is a question Anthropic has not engaged with publicly.
Read next: When Will Fable 5 Be Available Again? · Will Fable 5 Only Be Available in the USA? · G7 Évian 2026: AI Summit Outcomes
This article reflects the situation as of June 21, 2026. Anthropic's verification requirements, Persona's data policies, and the Fable 5 export control situation are all evolving. Verify directly with Anthropic's support pages before making decisions based on any specific claim here.