Largest AI Distillation Attack: Anthropic Accuses Operators Linked to Alibaba of Stealing Claude's Capabilities
Anthropic has identified a large-scale campaign of unauthorized distillation of its flagship model Claude, which it says was organized by operators linked to China's Alibaba and its AI lab Qwen. This incident is described as the largest known attack of its kind, threatening the intellectual property and competitive advantages of American developers.
According to available information, the attackers used nearly 25,000 fake accounts to generate over 28.8 million queries to Claude between April 22 and June 5. The campaign aimed to extract and copy key capabilities of the model, including agentic tasks, software development, and long-term planning. Anthropic emphasizes that such actions allow Chinese labs to replicate the behavior of a cutting-edge model without investing in its training.
"When PRC labs distill these capabilities from American models, they reap the benefits of American investment without bearing the costs and risks. This upends the economic logic underpinning U.S. leadership in AI, turning billions in investment into a subsidy for our competitors," Anthropic said in an official statement to the U.S. Congress.
The company notes that while distillation itself is a legitimate practice for creating cheaper or more compact versions of models, the problem arises with unauthorized access through fake accounts. Anthropic warns that such technology leakage could accelerate the development of Chinese AI systems for cyber operations, military tasks, and intelligence.
Call to Action: What Anthropic Proposes
In response to the incident, Anthropic has approached lawmakers with a series of specific proposals. The company calls for expanding the sharing of technical indicators and intelligence between AI developers and the U.S. government, as well as clarifying antitrust rules so that firms can share information about attacks without legal risks. Additionally, Anthropic insists on tightening export controls on advanced AI chips and computing resources, closing loopholes for Chinese organizations to access foreign data centers, and imposing sanctions on responsible parties.
This is not the first time Anthropic has detected such attacks. Previously, the company accused DeepSeek, Moonshot AI, and MiniMax of generating millions of interactions with Claude through fake accounts. These allegations have sparked debate, as distillation remains a common practice in the industry, but the scale of the latest campaign, according to experts, poses a serious challenge to U.S. national security and economic competitiveness.
Expert Commentary: This incident highlights a critical vulnerability in the modern AI ecosystem, where models accessible via APIs become easy targets for industrial espionage. The issue goes beyond simple competition and enters the realm of geopolitical confrontation, where control over advanced algorithms becomes as strategic a resource as semiconductors. Regulators will need to find a balance between innovation openness and protecting key technologies, otherwise U.S. leadership in this field will face a serious threat.