Anthropic Accuses Alibaba of Largest Known AI Model Distillation Attack Against Claude
Anthropic formally accused Alibaba of orchestrating the largest known adversarial distillation attack, using 25,000 fraudulent accounts to extract capabilities from its Claude AI model over six weeks.
Anthropic has formally accused Chinese tech and e-commerce giant Alibaba of orchestrating a massive, unauthorized extraction campaign targeting its Claude AI model, marking what the company describes as the largest known distillation attack in its history. In a letter dated June 10, 2026, and addressed to U.S. Senate Banking Committee Chair Tim Scott and Ranking Member Elizabeth Warren, Anthropic alleged that operators affiliated with Alibaba and its AI research division, Alibaba Qwen, conducted a coordinated campaign to illicitly harvest capabilities from its Claude AI model.
The campaign ran from April 22 to June 5, 2026, generating more than 28.8 million exchanges with Claude through nearly 25,000 fraudulent accounts. The operation specifically targeted Claude’s most advanced and commercially valuable capabilities, including software engineering and agentic reasoning, the cornerstones of Anthropic’s cutting-edge Mythos Preview model. The attack relied on a technique known as “adversarial distillation,” a method where a less capable AI model is trained on the outputs of a more powerful one to mimic its capabilities at a fraction of the development cost.
Anthropic warned that this process allows Chinese AI labs to replicate frontier U.S. AI capabilities without incurring the enormous R&D and computational expenditure required to train models from scratch. In its letter, Anthropic wrote: “These distillation attacks are carried out illicitly, systematically, and at an industrial scale to harvest U.S. AI capabilities across frontier labs and repackage them as their own without incurring the training and R&D costs required to train U.S. frontier models.” Bloomberg was the first to report on this letter.
Anthropic further cautioned that AI systems built through this adversarial distillation method often lack safety guardrails, posing broader security and safety risks beyond intellectual property theft. This is not an isolated incident. In February 2026, Anthropic had already revealed a separate scheme involving DeepSeek, the Chinese AI startup whose low-cost model rattled global tech markets in early 2025, along with two other Chinese AI laboratories attempting to illicitly access Claude’s platform.
Earlier this month, the company announced that it received a directive from the Trump administration requiring them to stop allowing anyone from outside the U.S., including their own employees who are not U.S. citizens, to access their newest models called Claude, specifically Fable 5 and Mythos 5. Anthropic now describes this pattern as “systematic and unauthorized” exploitation of leading U.S. AI models to build a rival generation of Chinese chatbots.
The disclosure is already driving legislative action on Capitol Hill. Senators Bill Hagerty (R-TN) and Andy Kim (D-NJ) are moving to introduce an amendment to must-pass defense legislation that would blacklist or sanction any Chinese firm found improperly accessing U.S. AI model outputs to train competing systems. Alibaba has not responded to requests for comment.
The escalating confrontation over AI model theft signals a deepening technological and geopolitical rift between the U.S. and Chinese AI sectors, with frontier model security now firmly in the crosshairs of national security policy.