Anthropic accuses Alibaba of using 25,000 fraudulent accounts to probe Claude AI models

Anthropic accuses Alibaba of using 25,000 fraudulent accounts to probe Claude AI models

The AI safety company describes the alleged scheme as the largest known distillation attack on its systems to date

Share

Add us on Google
by Editorial Team

Anthropic just lobbed a very public grenade at one of China’s biggest tech conglomerates. In a letter sent to US senators and White House officials, the company behind Claude AI accused Alibaba’s Qwen AI lab of orchestrating an industrial-scale operation to siphon proprietary knowledge from its models.

The numbers are staggering. Anthropic claims roughly 25,000 fraudulent accounts were used to conduct 28.8 million interactions with Claude between April 22 and June 5, 2026. That’s not someone poking around out of curiosity. That’s a coordinated extraction campaign.

Advertisement

What a distillation attack actually looks like

A distillation attack involves systematically querying a more advanced AI model to generate training data for a competing, typically cheaper model. The attacker doesn’t need to steal source code. They just need enough high-quality outputs to teach their own system how to mimic the target.

Anthropic’s letter, dated June 10 and addressed to Sens. Tim Scott and Elizabeth Warren along with White House officials, describes the operation as “the largest known distillation attack on Anthropic to date.” The company says the fraudulent accounts specifically targeted Claude’s capabilities in software engineering and agentic reasoning, two of the most commercially valuable frontiers in AI development.

This isn’t Anthropic’s first rodeo

Back in February 2026, Anthropic disclosed previous distillation attacks linked to other Chinese AI labs, including DeepSeek, Moonshot, and MiniMax. The Alibaba allegation represents a significant escalation, both in scale and in the prominence of the accused party.

No immediate response from Alibaba has been reported. The allegation only became public on June 24, so the company may still be formulating its position.

Anthropic has consistently restricted Claude’s availability in China. The company has positioned itself as the safety-first player in the AI race, and framing this incident as a national security concern rather than a mere terms-of-service violation is a deliberate strategic choice.

Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our Editorial Policy.
AI

Anthropic accuses Alibaba of using 25,000 fraudulent accounts to probe Claude AI models

Anthropic accuses Alibaba of using 25,000 fraudulent accounts to probe Claude AI models

The AI safety company describes the alleged scheme as the largest known distillation attack on its systems to date

by Editorial Team

Share

Add us on Google

Anthropic just lobbed a very public grenade at one of China’s biggest tech conglomerates. In a letter sent to US senators and White House officials, the company behind Claude AI accused Alibaba’s Qwen AI lab of orchestrating an industrial-scale operation to siphon proprietary knowledge from its models.

The numbers are staggering. Anthropic claims roughly 25,000 fraudulent accounts were used to conduct 28.8 million interactions with Claude between April 22 and June 5, 2026. That’s not someone poking around out of curiosity. That’s a coordinated extraction campaign.

Advertisement

What a distillation attack actually looks like

A distillation attack involves systematically querying a more advanced AI model to generate training data for a competing, typically cheaper model. The attacker doesn’t need to steal source code. They just need enough high-quality outputs to teach their own system how to mimic the target.

Anthropic’s letter, dated June 10 and addressed to Sens. Tim Scott and Elizabeth Warren along with White House officials, describes the operation as “the largest known distillation attack on Anthropic to date.” The company says the fraudulent accounts specifically targeted Claude’s capabilities in software engineering and agentic reasoning, two of the most commercially valuable frontiers in AI development.

This isn’t Anthropic’s first rodeo

Back in February 2026, Anthropic disclosed previous distillation attacks linked to other Chinese AI labs, including DeepSeek, Moonshot, and MiniMax. The Alibaba allegation represents a significant escalation, both in scale and in the prominence of the accused party.

No immediate response from Alibaba has been reported. The allegation only became public on June 24, so the company may still be formulating its position.

Anthropic has consistently restricted Claude’s availability in China. The company has positioned itself as the safety-first player in the AI race, and framing this incident as a national security concern rather than a mere terms-of-service violation is a deliberate strategic choice.

Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our Editorial Policy.