Crypto news

The developer of the AI model Claude, Anthropic, has uncovered a large-scale distillation campaign organized by operators linked to China's Alibaba and its Qwen lab. This is the largest known incident of its kind, as evidenced by an official letter sent to U.S. Senate Banking Committee Chairman Tim Scott and senior Democrat Elizabeth Warren.

From April 22 to June 5, over 28.8 million interactions with the model were generated through nearly 25,000 fake accounts. Anthropic emphasizes the brazen nature of the attack, noting that Alibaba is listed on the New York Stock Exchange, conducts business in the U.S., and is accountable to American investors and regulators.

Distillation is a method where a less powerful model is trained on the responses of a stronger one. In February, Anthropic noted that this approach is often used legitimately, for example, to create cheaper or more compact versions. The problem arises when competitors gain access to a cutting-edge tool through fake accounts, bypass service restrictions, and use the responses to train their own systems.

In this case, the attack targeted Claude's capabilities in agentic tasks, software development, and long-term planning. According to the developer, such actions allow the reproduction of the behavior of a cutting-edge model without the cost of training it. Anthropic emphasizes that Chinese labs reap the benefits of American investments without bearing the costs and risks associated with training advanced AI models, which "reverses the economic logic underpinning U.S. leadership in AI."

The company also warns that unauthorized distillation could accelerate the development of Chinese AI systems for cyber operations, military tasks, and intelligence.

What Anthropic is asking from Congress

Anthropic has called on lawmakers to expand the sharing of technical indicators and intelligence between developers of advanced AI models and the U.S. government. The company also requested clarification of antitrust rules so that firms can share information about such attacks without risking violations of competition law.

Another part of the proposals concerns export controls. Anthropic demands stricter restrictions on advanced AI chips and computing resources, as well as closing loopholes that allow Chinese organizations to access foreign data centers. The company proposed imposing sanctions or other measures against parties responsible for large-scale extraction of model capabilities.

Other cases

In February, Anthropic accused DeepSeek, Moonshot AI, and MiniMax of generating over 16 million interactions with Claude through approximately 24,000 fake accounts. At the time, the developers claimed they linked the campaigns to specific labs via IP addresses, request metadata, infrastructure indicators, and partner data. DeepSeek generated over 150,000 interactions, Moonshot AI over 3.4 million, and MiniMax about 13 million.

These allegations sparked controversy, as distillation itself remains a common industry practice. In April, Elon Musk testified in federal court that xAI "partially" used OpenAI models when training Grok.

On April 20, Congressman Bill Huizenga introduced a bill against the extraction of key technical characteristics of closed U.S. AI models by foreign adversaries. The document provides for export restrictions and sanctions against foreign entities that illegally gain access to products based on artificial intelligence.

As a reminder, in December 2025, Nvidia reported developing technology to verify the location of its processors amid information about the smuggling of accelerators into China.

Expert commentary: This incident is not just another data leak, but a signal of a systemic vulnerability in the security architecture of leading AI companies. While U.S. lawmakers debate measures, Chinese players are already actively exploiting regulatory gaps. The market must realize: distillation is becoming not just an optimization tool, but a strategic weapon in the AI arms race.