Updated Feb 24
Anthropic Accuses Chinese AI Labs of Claude Model Distillation Attack

Digital Espionage in the AI World?

Anthropic has accused three Chinese AI companies, DeepSeek, Moonshot AI and MiniMax, of running large-scale 'distillation attacks' against its Claude model. The attacks allegedly involved more than 16 million queries sent through some 24,000 fake accounts, aimed at extracting capabilities such as reasoning and coding, in violation of Anthropic's terms of service and U.S. export controls.

Background on Anthropic's Allegations

Anthropic, the AI company behind the Claude model, has made serious allegations against three prominent Chinese AI companies: DeepSeek, Moonshot AI, and MiniMax. According to the New York Times, the companies are accused of orchestrating large-scale 'distillation attacks' intended to extract and replicate capabilities from Claude. The reported scale is considerable: more than 24,000 fake accounts were used to send over 16 million queries to Claude, circumventing U.S. export controls amid ongoing geopolitical tensions.

The alleged attacks were not opportunistic; they targeted specific capabilities. According to Anthropic, DeepSeek and the other two companies concentrated on high-value functionality such as agentic reasoning, tool use, coding, and the ability to circumvent censorship. The volume and targeting of the exchanges suggest an intent to replicate these skills directly in order to gain a competitive advantage, which Anthropic characterizes as an attempt to catch up with U.S. firms by bypassing the normal development path.

Anthropic says it detected the activity through unusual query patterns that deviated markedly from normal use, and that following those anomalies revealed an extensive, coordinated campaign. In response, the company has deployed new classifiers and verification systems and has called for industry-wide intelligence sharing and policy intervention, warning of the broader risk that extracted capabilities could be put to authoritarian use.

Details of the Attacks by Chinese Companies

The allegations against DeepSeek, Moonshot AI, and MiniMax describe the tactics behind the so-called "distillation attacks". According to the main news article, the campaigns involved creating over 24,000 fake accounts and sending roughly 16 million queries to Anthropic's Claude model. This allowed the companies to copy capabilities such as agentic reasoning, advanced tool use, coding, and methods to circumvent censorship, in violation of Anthropic's terms of service and U.S. export controls. The case has raised concern about the security of hosted AI models and the difficulty of protecting intellectual property in an intensely competitive field.

Specifically, DeepSeek is said to have run over 150,000 exchanges aimed at testing and emulating Claude's reasoning, including generating responses that satisfy particular rubrics and crafting censorship-safe replies to sensitive political topics. Moonshot AI reportedly sent more than 3.4 million queries to study agentic reasoning and to build capabilities in tool use, data analysis, and computer vision, and also attempted to recreate Claude's reasoning process. MiniMax is said to have conducted over 13 million exchanges to extract and mimic coding and tool-orchestration abilities, directing much of that traffic at newly released versions of Claude. Taken together, as described in the TechCrunch coverage, these figures show a systematic effort to advance domestic models by drawing on the capabilities of U.S. models.

Anthropic's Defensive Measures and Industry Call

In response to the campaign, Anthropic has taken a layered approach to defending Claude against further harvesting. The measures include new classifiers and behavioral fingerprinting designed to detect activity patterns characteristic of distillation attempts and to separate them from ordinary usage. Verification requirements for new accounts have also been tightened, particularly for accounts presenting as educational institutions or startups, so that access is granted only to legitimate users.
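As an added illustration (not Anthropic's actual detection logic, which the page does not describe), the following Python sketch shows one way behavioral fingerprinting of this kind can work over API logs: each prompt is reduced to its structural shape and hashed, accounts are grouped by network origin and signup burst, and groups whose members share prompt shapes at high volume are flagged. The log schema, the ASN field, the thresholds, and the traffic itself are constructed assumptions for this example.

```python
import hashlib
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    """One API call as an edge log might record it (assumed schema)."""
    account: str
    signup_ts: int  # account creation time, epoch seconds
    ts: int         # request time, epoch seconds
    asn: str        # autonomous system the request came from (assumed available)
    prompt: str


def prompt_fingerprint(prompt: str) -> str:
    """Hash the prompt's structure rather than its content: quoted strings and
    numbers become placeholders, so a script that fills one template with
    thousands of examples collapses to a single fingerprint."""
    shape = re.sub(r'"[^"]*"|\'[^\']*\'', "<STR>", prompt)
    shape = re.sub(r"\d+", "<NUM>", shape)
    shape = re.sub(r"\s+", " ", shape).strip().lower()
    return hashlib.sha256(shape.encode()).hexdigest()[:12]


def find_harvesting_clusters(requests, signup_window=3600, min_accounts=3,
                             min_shared=2, min_requests=20):
    """Flag groups of accounts created within `signup_window` seconds of each
    other on the same ASN that share at least `min_shared` prompt shapes
    between members and together sent at least `min_requests` requests."""
    acct = defaultdict(lambda: {"asn": None, "signup": None, "fps": set(), "n": 0})
    for r in requests:
        info = acct[r.account]
        info["asn"], info["signup"] = r.asn, r.signup_ts
        info["fps"].add(prompt_fingerprint(r.prompt))
        info["n"] += 1

    # Sweep each ASN's accounts in signup order to form signup-burst groups.
    by_asn = defaultdict(list)
    for name, info in acct.items():
        by_asn[info["asn"]].append((info["signup"], name))
    groups = []
    for asn, members in by_asn.items():
        members.sort()
        group = [members[0]]
        for signup, name in members[1:]:
            if signup - group[0][0] <= signup_window:
                group.append((signup, name))
            else:
                groups.append((asn, [n for _, n in group]))
                group = [(signup, name)]
        groups.append((asn, [n for _, n in group]))

    flagged = []
    for asn, names in groups:
        if len(names) < min_accounts:
            continue
        seen_by = defaultdict(int)  # fingerprint -> number of accounts using it
        for n in names:
            for fp in acct[n]["fps"]:
                seen_by[fp] += 1
        shared = sum(1 for c in seen_by.values() if c >= 2)
        total = sum(acct[n]["n"] for n in names)
        if shared >= min_shared and total >= min_requests:
            flagged.append({"asn": asn, "accounts": sorted(names),
                            "requests": total, "shared_fingerprints": shared})
    return flagged


def sample_log():
    """Constructed traffic, not real data: a four-account ring created within
    minutes on one network (AS64500, a documentation-range ASN), each account
    filling the same two prompt templates, plus three unrelated users."""
    base = 1_700_000_000
    templates = ['Solve step by step and show your reasoning: "{}"',
                 'Write a Python function that does the following: "{}". Return only code.']
    problems = ["12 + 7 * 3", "what is 15% of 240", "area of a circle of radius 4", "sqrt of 144"]
    tasks = ["reverses a list", "parses a csv line", "checks whether n is prime", "sums a file"]
    reqs = []
    for i in range(4):
        name, signup = f"ring-{i}", base + i * 120
        for j in range(4):
            reqs.append(Request(name, signup, signup + 600 + 30 * j, "AS64500",
                                templates[0].format(problems[j])))
            reqs.append(Request(name, signup, signup + 700 + 30 * j, "AS64500",
                                templates[1].format(tasks[j])))
    legit = [("alice", base - 30 * 86400, "AS64501", "Draft a polite email to my landlord about the heating."),
             ("bob", base - 9 * 86400, "AS64502", "Explain the difference between TCP and UDP."),
             ("carol", base - 2 * 86400, "AS64503", "Summarise the attached meeting notes in three bullets.")]
    for name, signup, asn, prompt in legit:
        for k in range(3):
            reqs.append(Request(name, signup, base + 1000 + 60 * k, asn, f"{prompt} (draft {k})"))
    return reqs


if __name__ == "__main__":
    for hit in find_harvesting_clusters(sample_log()):
        print(hit)
```

The thresholds are deliberately low so the constructed ring trips them; in a real pipeline the fingerprint would sit beside request timing, token usage and the classifier's own reading of prompt intent, and the shape-normalisation would need to cope with prompts that carry the varying part outside quotes or numbers. The point the sketch makes is that no single request looks suspicious; the signal is the same shapes recurring across many freshly created accounts on one network.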
Anthropic has also shared intelligence with other AI laboratories, cloud service providers, and government authorities so that the threat can be addressed beyond its own platform. The company argues that an industry-wide response and supporting policy frameworks are needed to safeguard AI technology, and it echoes concerns that open-source models could be misused for surveillance and cyber operations, particularly by authoritarian regimes.

Anthropic's steps parallel those of other large vendors, notably Google's disclosure of similar distillation attacks on its Gemini model. According to the report, the industry is beginning to treat these threats as systemic, prompting calls for stronger security measures and regulatory oversight. Companies are urged to build defenses that protect proprietary technology as well as the competitive advantages that depend on it.

Reader Questions on Distillation and Implications

The term 'distillation attack' at the centre of Anthropic's allegations has attracted considerable attention. Distillation, in the context of AI models, means querying a larger, more capable 'teacher' model and using its outputs to train a smaller 'student' model, so that the student reproduces the teacher's capabilities without the computational resources needed to train it from scratch. According to The New York Times, Anthropic accused DeepSeek, Moonshot AI, and MiniMax of using over 24,000 fake accounts to carry out such attacks on Claude through millions of queries. The case highlights how exposed a hosted model's capabilities are through its API alone, and how that exposure can undermine U.S. export controls intended to preserve a technological lead.
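To make concrete what 'querying a teacher to train a student' means, here is an added toy example in pure Python; it is not code from Anthropic or from any of the labs named on this page. The teacher is a black-box logistic model that the student can only query for output probabilities; the student fits its own weights to those probabilities (soft labels) and ends up reproducing the teacher's decisions without ever seeing its parameters. The teacher's weights, the query budget and the training settings are assumptions chosen for illustration.

```python
import math
import random


def sigmoid(z: float) -> float:
    return 1.0 / (1.0 + math.exp(-z))


class Teacher:
    """Black-box 'teacher': callers receive P(y=1 | x) and nothing else.
    The weights are an illustrative assumption and are hidden from the student."""

    def __init__(self, w=(3.0, -2.0), b=0.5):
        self._w, self._b = w, b
        self.queries = 0  # how many outputs have been harvested so far

    def predict_proba(self, x):
        self.queries += 1
        return sigmoid(self._w[0] * x[0] + self._w[1] * x[1] + self._b)


def distill(teacher: Teacher, n_queries=400, epochs=500, lr=1.0, seed=0):
    """Train a logistic 'student' on the teacher's soft outputs only.
    Returns the student's (weights, bias)."""
    rng = random.Random(seed)
    xs = [(rng.uniform(-2, 2), rng.uniform(-2, 2)) for _ in range(n_queries)]
    soft = [teacher.predict_proba(x) for x in xs]  # the harvested responses
    w, b = [0.0, 0.0], 0.0
    for _ in range(epochs):
        gw, gb = [0.0, 0.0], 0.0
        for x, t in zip(xs, soft):
            p = sigmoid(w[0] * x[0] + w[1] * x[1] + b)
            err = p - t  # gradient of cross-entropy between soft target t and p
            gw[0] += err * x[0]
            gw[1] += err * x[1]
            gb += err
        w[0] -= lr * gw[0] / n_queries
        w[1] -= lr * gw[1] / n_queries
        b -= lr * gb / n_queries
    return w, b


def agreement(teacher: Teacher, w, b, n=500, seed=1) -> float:
    """Fraction of fresh inputs on which student and teacher make the same decision."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(n):
        x = (rng.uniform(-2, 2), rng.uniform(-2, 2))
        teacher_says = teacher.predict_proba(x) >= 0.5
        student_says = sigmoid(w[0] * x[0] + w[1] * x[1] + b) >= 0.5
        hits += teacher_says == student_says
    return hits / n


if __name__ == "__main__":
    t = Teacher()
    w, b = distill(t)
    print(f"queries used: {t.queries}, student weights: {w}, bias: {b:.2f}")
    print(f"decision agreement on unseen inputs: {agreement(t, w, b):.3f}")
```

The student's entire cost is in queries: `teacher.queries` counts the harvested outputs, and nothing about any individual query is abnormal. That is why the defensive signals discussed elsewhere on this page are query volume, account clustering and prompt structure rather than the content of a single request. Scaling this from a two-weight toy to a language model changes the training recipe, not the principle.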

Public Reactions to Anthropic's Claims

Public reaction to Anthropic's claims against the Chinese AI companies is a mixture of support, skepticism, and heated debate. In discussions on X (formerly Twitter), many users back Anthropic, framing its disclosure as a necessary defense against a national-security risk and as a case of digital espionage that needed to be exposed. Pro-U.S. AI advocates in particular stress the importance of protecting American technological advances from overseas exploitation, arguing that such practices threaten both national security and innovation.

Critics, including Elon Musk, point to what they see as a double standard, noting past accusations that American companies collected training data in similar ways. They argue that this reflects broader ethical inconsistency in the AI industry, which has prompted discussions on Hacker News and Reddit about the legitimacy of distillation as a practice in AI development.

Some commentators also express admiration for the ingenuity of the Chinese firms, which have advanced quickly under restrictive conditions; analysts in this camp argue the companies are simply using available techniques to improve their models efficiently. At the same time, concern persists about the influence of the Chinese government, with many warning that the resulting technology could be used for surveillance and other authoritarian purposes.

The debate extends to the ethics of model distillation itself. Some argue that distillation, when conducted transparently and within a provider's terms, is a legitimate form of technology transfer; others regard it as outright intellectual property theft when carried out secretly and at this scale. The disagreement reflects broader questions in AI ethics about how far providers must go to protect their models while still supporting open collaboration.

Overall, the reactions expose the tension between international AI competition and the ethical and security questions that arise when commercial interests intersect with national security. The case has prompted calls for clearer guidelines and international cooperation, suggesting a move toward stricter regulation of AI development and cross-border technology exchange.

Future Implications for AI Competition and Policy

The allegations against DeepSeek, Moonshot AI, and MiniMax raise significant questions for future AI competition and policy. Operations on this scale, using millions of queries to extract advanced capabilities, highlight the risk of intellectual property theft and challenge the effectiveness of export controls that restrict hardware and model weights but not API access. If such extraction methods keep improving, they could erode the advantages currently held by U.S. companies and reshape market power and innovation trajectories across industries. As the New York Times article notes, strategic responses will need to adapt quickly.

The U.S.-China technological rivalry is likely to intensify as a result, since distillation through a public API bypasses traditional export controls by purely digital means. Governments may be pushed to rethink AI export policy and to introduce stricter cybersecurity and API-management standards for model providers. The implications reach beyond national security to economic competitiveness and technological leadership, and could accelerate work on international frameworks or treaties focused on preventing model extraction, in the manner of existing accords on nuclear non-proliferation or cyber warfare.

From a policy standpoint, the revelations call for a reevaluation of current AI governance structures. Policymakers may press for stronger international cooperation on security requirements for deployed AI systems, and mandatory security protocols could become standard, requiring investment in infrastructure and changing the economics of AI development. Such measures, while important, would raise operating costs and could limit the entry of smaller players, altering the competitive shape of the industry. Technical work on model protection, including better behavioral fingerprinting and classifiers for detecting harvesting traffic, is likely to receive growing attention as providers try to head off similar campaigns.
