Key Points:
- Anthropic has accused Chinese technology giant Alibaba of conducting a massive “distillation attack” on its Claude AI models.
- The illicit campaign used 25,000 fraudulent accounts to run 28.8 million queries to harvest reasoning and coding capabilities.
- The developer warned U.S. policymakers that distilled models bypass critical national security safeguards and safety guardrails.
- Following reports of the systematic IP siphoning, Alibaba’s stock price dropped 3% amid fears of regulatory backlash.
A major international controversy is unfolding in the artificial intelligence sector, as U.S. startup Anthropic has accused Chinese technology and e-commerce giant Alibaba of stealing intellectual property. In a detailed letter sent to U.S. senators and White House officials, the company claimed that operators linked to Alibaba’s Qwen AI lab executed a massive, coordinated campaign to illicitly extract capabilities from its Claude models. The scale of this operation represents the largest known attempt to harvest data from a leading American AI developer to date, escalating tensions between the world’s two largest technology superpowers and fueling calls for tighter federal regulations.
The campaign used a sophisticated and highly controversial technique known as “adversarial distillation.” In legitimate AI development, distillation is a standard way for companies to build smaller, cheaper, and more efficient versions of their own massive language models. However, when a competitor uses the technique, it involves feeding queries to a rival’s powerful model, harvesting the highly advanced outputs, and using that synthesized data to rapidly train and boost a less capable model. This shortcut allows foreign laboratories to clone advanced reasoning, coding, and software engineering capabilities at a fraction of the actual research and development cost, completely bypassing the massive computing investments required to train frontier models from scratch.
What shocked industry observers and security specialists is the unprecedented scale of the alleged campaign. According to the internal investigation detailed in the letter, operators linked to the Chinese firm’s ecosystem set up a massive network of 25,000 fraudulent accounts between April and June. These fake accounts, which used commercial proxy servers and virtual private networks to bypass geographic restrictions, generated a staggering 28.8 million exchanges with the Claude system. Security teams noted that the automated prompts systematically targeted Claude’s highly advanced logical reasoning, mathematical solving, and software engineering capabilities, indicating a highly coordinated industrial espionage effort.
The release of the letter triggered an immediate negative reaction on Wall Street. Shares of the Chinese e-commerce and cloud conglomerate tumbled by approximately 3% during regular trading hours on Wednesday, wiping out billions of dollars in market value. Investors are increasingly worried about potential U.S. regulatory retaliation, which could target the conglomerate’s cloud computing operations and international partnerships. Furthermore, the accusations have raised serious concerns about whether independent Chinese labs can develop competitive artificial intelligence without relying heavily on siphoned American technology.
This massive campaign is not an isolated incident, but rather part of a growing, systematic pattern of data harvesting targeting top-tier U.S. labs. Earlier, in February, security analysts uncovered similar industrial-scale distillation campaigns conducted by three other prominent Chinese laboratories: DeepSeek, MiniMax, and Moonshot AI, which is heavily backed by Alibaba itself. That previous campaign involved 24,000 fake accounts and generated over 16 million queries. Among those, the Alibaba-backed Moonshot AI was the most aggressive, single-handedly accounting for over 3.4 million exchanges, or roughly 20% of the entire campaign volume. The latest 28.8 million query operation proves that these data-siphoning efforts are growing rapidly in intensity and technical sophistication.
Beyond the commercial implications of intellectual property theft, the startup raised urgent national security alarms to Washington policymakers. Advanced American AI models are built with strict safety filters and guardrails designed to prevent the software from assisting in cyberattacks, creating biochemical weapons, or spreading mass disinformation. However, when a foreign competitor clones these systems through distillation, those critical safety guardrails are stripped out entirely. The newly trained clone retains all the advanced reasoning and coding capabilities but lacks any of the central safety limits, giving authoritarian governments or malicious actors a powerful, weaponized tool with zero oversight.
The campaign also represents a brazen violation of the developer’s terms of service. Because of complex legal, regulatory, and national security risks, the developer explicitly blocks all its commercial products and API systems from being accessed in mainland China. The fact that operators managed to register and automate 25,000 separate accounts proves that current geographical blocking mechanisms are easily defeated by basic proxy networks and automated script bots. The developer has since blacklisted and banned all accounts associated with the illicit activity, but developers warn that determined actors can easily purchase fresh proxy networks to restart their campaigns.
In light of these persistent breaches, the developer is urging Washington to establish a unified regulatory defense framework. Current export controls heavily restrict China’s access to high-performance graphics processing units and physical server hardware, but they do virtually nothing to stop Chinese entities from renting those same capabilities over the cloud or siphoning model outputs through public-facing web portals. The letter stresses that protecting American tech supremacy requires a coordinated effort across AI labs, major cloud providers, and international trade regulators to monitor unusual automated traffic patterns and enforce stricter, identity-verified API access policies.
As the global race for artificial intelligence supremacy continues to heat up, the dispute highlights how difficult it is to secure digital borders. While hardware is relatively easy to track and embargo, the virtual outputs of advanced neural networks flow freely across borders with minimal friction. By taking these accusations directly to the White House and Congress, the developer is signaling that the era of private tech companies quietly handling cyber incidents is over. Without a robust and enforceable global standard for model protection, the multi-billion-dollar investments made by American research labs will continue to serve as a free open-source training library for foreign competitors.
