Anthropic has uncovered a massive theft of AI technologies: operators linked to Alibaba attacked Claude
American company Anthropic, developer of the advanced language model Claude, has recorded the largest attack on AI model distillation in its history. In a letter sent to the U.S. Senate Banking Committee, the company accuses operators linked to Chinese Alibaba and its AI lab Qwen of conducting a large-scale campaign to illegally extract Claude's capabilities.
According to data collected by my team, from April 22 to June 5, attackers created nearly 25,000 fake accounts. Through these, more than 28.8 million queries were generated to the model. "Beyond its scale, this campaign was striking due to its brazen nature. Alibaba is listed on the New York Stock Exchange, maintains business operations in the United States, and is accountable to American investors and regulators," the document emphasizes.
The distillation method used in this attack is not inherently prohibited: it is legitimately employed to create cheaper or more compact versions of models. However, the problem arises when competitors, bypassing service restrictions through fake accounts, use the model's responses to train their own systems. In this case, the attack targeted Claude's key capabilities in agentic tasks, software development, and long-term planning.
Anthropic emphasizes that such actions allow Chinese labs to replicate the behavior of advanced models without the costs of training them. "When PRC labs distill these capabilities from American models, they reap the benefits of American investments without bearing the costs and risks. This upends the economic logic underpinning U.S. leadership in AI," the letter notes. The company also warns that unauthorized distillation could accelerate the development of Chinese AI systems for cyber operations, military tasks, and intelligence.
What Anthropic Demands from Congress
In response to the incident, the company called on lawmakers to expand the sharing of technical indicators and intelligence between AI model developers and the U.S. government. It also proposes clarifying antitrust rules so that firms can share information about such attacks without risking violations of competition law. A separate demand concerns export controls: tightening restrictions on advanced AI chips and computing resources, as well as closing loopholes that allow Chinese organizations to access foreign data centers.
Context and Precedents
This is not the first time Anthropic has faced large-scale distillation. In February, the company accused DeepSeek, Moonshot AI, and MiniMax of generating over 16 million interactions with Claude through approximately 24,000 fake accounts. Those campaigns were linked to specific labs via IP addresses, query metadata, and infrastructure indicators. Notably, distillation itself remains a common industry practice: in April, Elon Musk testified in federal court that xAI had "partially" used OpenAI models when training Grok.
Against this backdrop, Congressman Bill Huizenga introduced a bill providing for export restrictions and sanctions against foreign entities illegally accessing American AI products. As an analyst, I note that this incident highlights the urgent need for a unified system to monitor and counter such attacks. While American companies spend billions on research, competitors gain access to their achievements through backdoors of fake accounts, which could undermine U.S. technological leadership in the long term.