Identity and age verification keeps spreading across the internet, and the latest frontier is AI. Anthropic, the company behind the chatbot Claude, may require users to prove their age or who they are. Meeting that requirement can mean handing over a photo of a government ID, recording a selfie, and letting the company keep a scan of your facial geometry, which several states classify as legally protected biometric data.
Anthropic says the step would only reach a narrow group of users whose accounts get flagged for suspected fraud, giving them a way to contest the flag instead of losing access. That may be reasonable on its own terms. The detail worth more attention is not what Anthropic is asking for. It is the company doing the collecting.
Anthropic chose Persona. That name should be familiar, because we have covered the company before. Earlier this year, researchers found that Persona had left part of its code openly accessible on a server authorized for US government use, with thousands of files sitting out in the open. What that code revealed went well past a basic age check. Discord, which had also brought in Persona, ended the relationship after user backlash. Now the same vendor is set to gather biometric data from people using one of the most popular AI tools in the country.
The handling of that data raises its own questions. Anthropic says it controls how long Persona holds the documents, but it has declined to say when the files are erased.
The ties do not stop at one contract. Persona counts Founders Fund, the firm Peter Thiel helped start, among its backers, and Thiel has separately invested in Anthropic. Persona says Thiel plays no role in running the company. Still, it places another store of sensitive identity data inside a tight circle of overlapping investors.
This is also unfolding as control over AI becomes a national security fight. Anthropic recently told a Senate committee that Alibaba had mounted a sweeping effort to copy its models, and the government has restricted access to Anthropic’s most powerful systems over security concerns. Knowing exactly who is on the other end of a session is part of how a company in that position keeps control.
That is the thread worth pulling. The reason given for verification, cutting fraud and misuse, is the same logic that quietly builds a durable record of your identity tied to what you ask an AI to do. It gets sold as safety. In practice, it also routes your face and your ID through outside vendors with their own histories and their own exposure to government demands. Once that data lands on someone else’s server, the question is not only whether you trust the company at the front door. It is whether you trust everyone who can reach it later.
;
