Anthropic has uncovered a large-scale campaign to distill Claude, linked to Alibaba.
Anthropic, a developer of advanced AI models, has uncovered the largest distillation attack in its history, orchestrated by operators linked to China's Alibaba and its Qwen lab. In my assessment, this incident represents not just a technical breach, but a serious challenge to the entire ecosystem of American AI leadership.
From April 22 to June 5, attackers used nearly 25,000 fake accounts to generate over 28.8 million queries to the Claude model. The campaign aimed to extract key capabilities of the AI system, particularly in agentic tasks, software development, and long-term planning. Anthropic emphasizes that such actions allow replicating the behavior of a cutting-edge model without the cost of training it.
Economic Threat and Geopolitical Context
In a letter to U.S. lawmakers, the company highlighted the "brazen nature" of the attack, given that Alibaba is listed on the New York Stock Exchange and conducts business in the U.S. According to Anthropic analysts, such incidents "upend economic logic": billions of dollars in American investment in research and computing resources effectively become a subsidy for competitors from China. Additionally, there is a risk that distilled models could be used for cyber operations and military tasks.
Call to Action and Legislative Initiatives
Anthropic has presented Congress with a series of proposals. These include expanding the sharing of technical indicators between AI developers and the government, clarifying antitrust rules for safe information sharing about attacks, and tightening export controls on advanced chips and access to foreign data centers. The company also insists on imposing sanctions against the organizers of large-scale distillation.
Background and Industry Precedents
This is not the first such case for Anthropic: in February, the company already accused DeepSeek, Moonshot AI, and MiniMax of similar actions, which generated over 16 million interactions. Notably, distillation itself remains a widespread industry practice—for example, Elon Musk's xAI "partially" used OpenAI models when training Grok. Against this backdrop, Congressman Bill Huizenga has introduced a bill providing for export restrictions and sanctions against foreign entities illegally accessing proprietary AI models.
My analysis: This incident highlights a fundamental vulnerability in the business model of American AI companies, which relies on open APIs. As long as distillation remains a technically simple and economically advantageous way to "catch up" with leaders, the market will face an escalation of such attacks. The only long-term solution may involve not only tightening controls but also developing fundamentally new methods to protect models from unauthorized copying.