Anthropic Accuses Chinese AI Firms of Illicitly Extracting Claude Capabilities

Key facts

• Anthropic identified "industrial-scale campaigns" by DeepSeek, Moonshot AI, and MiniMax to illicitly extract Claude's capabilities.
• These campaigns involved over 16 million exchanges generated through approximately 24,000 fraudulent accounts.
• The attacks violated Anthropic's terms of service and regional access restrictions, as the companies are based in China where Claude's services are prohibited.
• Distillation is a technique where a less capable model is trained on the outputs of a stronger AI system.
• Anthropic stated that illicitly distilled models lack necessary safeguards, creating significant national security risks and enabling authoritarian governments to deploy AI for malicious activities.
• Alibaba was also accused of illicitly extracting Claude AI model capabilities, which Anthropic described as the largest known distillation attack on the company to date.

Anthropic has accused three Chinese artificial intelligence companies—DeepSeek, Moonshot AI, and MiniMax—of conducting "industrial-scale campaigns" to illicitly extract capabilities from its Claude AI model. These "distillation attacks" reportedly generated over 16 million exchanges with Claude through approximately 24,000 fraudulent accounts, violating the company's terms of service and regional access restrictions. All three companies are based in China, where Claude's services are prohibited due to legal, regulatory, and security risks.

Distillation is a technique where a less capable model is trained on the outputs of a stronger AI system. While legitimate for companies to create smaller versions of their own models, it is illegal for competitors to use it to acquire capabilities from others at a fraction of the development cost and time. Anthropic warned that illicitly distilled models lack necessary safeguards, posing significant national security risks and potentially enabling authoritarian governments to deploy AI for offensive cyber operations, disinformation campaigns, and mass surveillance.

DeepSeek reportedly targeted Claude's reasoning capabilities and sought assistance in generating censorship-safe alternatives to politically sensitive queries. Moonshot AI focused on Claude's agentic reasoning, tool use, and coding capabilities, while MiniMax targeted its agentic coding and tool use abilities. Anthropic stated that the volume and structure of the prompts indicated deliberate capability extraction rather than legitimate use.

In a separate but related accusation, Anthropic also accused Alibaba, the Chinese technology and e-commerce giant, of illicitly extracting Claude AI model capabilities. This was described as the largest known distillation attack on the company to date. The attacks relied on commercial proxy services that resell access to AI models, utilizing "hydra cluster" architectures with extensive networks of fraudulent accounts to evade detection and distribute traffic.