Anthropic Wants to See Your ID Now. Guess Who's Holding the Camera.

There's a particular flavour of tech-company press release that exists purely to make a bad decision sound like a customer-service upgrade, and Anthropic's "Identity verification on Claude" support page is a masterclass in the genre. It's all soft, reassuring language — minimum information required, industry-standard security controls, we set the rules for how it's used. Read it once and you'd think Anthropic was doing you a favour by asking for your passport.

Starting July 8, certain Claude capabilities will require you to hand over a government-issued photo ID and a live selfie. The company processing that data is Persona Identities, a San Francisco identity-verification firm best known, depending on which corner of the internet you ask, for either being the reasonably competent KYC vendor behind half the platforms you already use, or for being the company that had its government-dashboard codebase sitting unsecured on a FedRAMP-authorised server for who knows how long. Reddit found out about this roughly the way Reddit finds out about everything: badly, and all at once, in a thread that currently reads less like discourse and more like a controlled demolition.

Here's what's actually happening.

Anthropic quietly updated its privacy policy and a support article to say that, in "a few use cases," Claude may prompt users for identity verification — "as part of our routine platform integrity checks, or other safety and compliance measures." Which is corporate-speak for we'll ask when we feel like it, for reasons we're not going to fully explain. The verification itself runs through Persona: you submit a passport, driver's licence, or national ID, Persona extracts the machine-readable fields, you take a selfie, and somewhere in a data centre your face gets compared against your government paperwork. Anthropic insists it never sees or stores the raw images — Persona holds those — and that the data isn't used to train models. Fine. Good, even. Nobody's accusing Anthropic of wanting your face for the next Claude checkpoint.

The problem is Persona's owner cap table. Persona is backed by Founders Fund, the venture firm Peter Thiel co-founded, and Thiel also happens to be an Anthropic investor and the co-founder of Palantir — a company whose core business is selling surveillance and data-fusion software to the FBI, the CIA, and ICE. Persona's COO has gone on record saying Thiel has no operational role at the company, doesn't sit on its board, and isn't involved in decision-making, which is the kind of statement that's almost certainly true and does almost nothing to calm anybody down, because the discomfort was never really about Thiel personally micromanaging a verification queue. It's about the fact that the same investor network now touches your chatbot's understanding of your face.

And this isn't a hypothetical reputational risk Anthropic talked itself into ignoring. Persona had an actual incident: security researchers found its government-dashboard codebase exposed on a publicly accessible, FedRAMP-authorised server — thousands of files, no exploit required to view them. Discord, facing the same vendor for age verification, looked at that headline and quietly shelved its plans. Anthropic looked at the same headline, weeks later, and signed the contract anyway. That's not an oversight. That's a company deciding that shipping the compliance checkbox mattered more than the optics of the vendor who'd just had a very public bad month.

The timing doesn't help. This lands days after Anthropic's own flagship model, Fable 5, got yanked offline by a US export control directive — the same Anthropic that, by its own telling, has been fighting federal overreach, not rolling out the welcome mat for it. Several outlets have pointed out the layer of irony sitting directly underneath this rollout: Anthropic spent earlier this year refusing to let the Pentagon use Claude for the kind of mass surveillance work that would make a privacy lawyer's eye twitch, and won the resulting legal fight. Now it's asking ordinary Pro and Max subscribers to feed their face and government ID through a Thiel-adjacent verification pipeline so they can keep asking Claude to help with their resume. The principle apparently scales selectively.

To be fair to Anthropic — and it pains me slightly to be fair to Anthropic in a post about this — the underlying problem is real. As Claude gets more agentic, booking flights, touching your Google Drive, executing multi-step tasks with actual consequences, "who is actually behind this account" stops being a philosophical question and starts being a fraud-prevention one. OpenAI does ID verification at its higher tiers too. So does pretty much every fintech and crypto exchange Persona already works with. Identity assurance for high-capability access isn't some uniquely sinister Anthropic invention; it's where the entire industry is heading, dragged there by regulators who'd rather blame a chatbot than write actual AI legislation.

But "everyone's doing it" was never the defence anybody wanted to hear from the company that built its entire brand on being the adult in the room. Anthropic doesn't get to simultaneously market itself as the safety-conscious alternative to Sam Altman's iris-scanning orb and then quietly outsource your biometric data to a Thiel-funded vendor with a recent track record of government-server mishaps. Pick a lane.

Which brings us to the thread. The general mood over on r/ClaudeAI is not subtle. It's the usual mix you get whenever a company quietly redraws its privacy policy and hopes nobody reads the help-centre article closely: a few people calmly explaining the GDPR and BIPA implications nobody asked for, a larger crowd just doing the maths on "Thiel + Palantir + my passport photo" and not liking the sum, and a contingent already drafting their cancellation emails on principle, regardless of whether they'll actually be among the "few use cases" the verification applies to. The overall read, echoed across the privacy press that picked this up, is that the community sees it less as a security feature and more as a quiet erosion of the trust Anthropic spent two years building. Nobody in that thread sounds reassured by we set the rules for how long Persona keeps your data — mostly because Anthropic still won't say what that retention period actually is.

There's a deeper irritation underneath the Thiel jokes, too, which is that this is how identity infrastructure consolidation actually happens — not through one dramatic villain moment, but through a dozen separate companies each making a quiet, individually defensible decision to outsource to the same vendor, until Persona is running 300 million verifications a year across Reddit, LinkedIn, OpenAI, Discord, Roblox, and now Claude, and there's effectively nowhere left to go if you don't want your face in that pipeline.

Anthropic will, almost certainly, weather this the way every AI company weathers a privacy backlash: a help-centre FAQ update, a vague reassurance about retention periods that still won't specify the actual retention period, and a news cycle that moves on within a week. The verification rolls out July 8 regardless. The thread will still be there, increasingly buried, the next time someone searches "Claude Persona ID" and wonders why a chatbot needed to see their driver's licence in the first place.

Sources: Claude Help Center · MediaNama · The Register · r/ClaudeAI thread