Key Takeaways
- Anthropic reports that Alibaba used nearly 25,000 fake accounts to query Claude between April 22 and June 5, 2026.
- The activity involved 28.8 million interactions designed to support a large-scale model distillation effort.
- U.S. policymakers are reviewing Anthropic’s request for rapid federal intervention.
Anthropic alleges that Alibaba orchestrated the largest targeted AI capability extraction effort in history, relying on a technique known as a distillation attack. According to Anthropic, DeepSeek, Moonshot AI, and MiniMax also participated in the operation.
Researchers have discussed distillation, a method in which one model is trained on the outputs of another, for years, but the figures Anthropic cites describe an unprecedented scale. The operation involved 28.8 million conversations with Claude from April 22 through June 5, 2026, a span of 45 days. Nearly 25,000 fake accounts were used to generate that volume. Analysts at Gartner have previously noted that model extraction attempts tend to be small and sporadic, in sharp contrast to this level of industrial coordination.
Anthropic blocks access to Claude from inside China, but the company says Alibaba bypassed those restrictions to continue querying the system throughout the 45-day window.
Analysts at Forrester have warned for several years that as foundation models become core intellectual assets, competitors may look for ways to harvest behavior rather than steal weights or architecture. Anthropic explicitly characterized this operation as industrial espionage rather than standard technological competition.
Anomaly detection poses a significant challenge for model providers. IEEE researchers note that as inference volumes rise, data mining attacks often blend into normal traffic patterns. Anthropic’s disclosure of nearly 25,000 fake accounts illustrates the difficulty of identifying coordinated extraction efforts within a global user base.
According to Anthropic, the objective of the attack was to extract Claude’s capabilities without paying for access. This dynamic shifts traditional R&D incentives, allowing groups to replicate a heavily funded model's behavior for a fraction of the original training cost.
Anthropic has sent letters to the Senate and the White House requesting urgent measures. This incident is expected to accelerate regulatory debates regarding model governance, export controls, cross-border access rules, and forensic standards for AI behavior protection.
Investors follow reports from Bloomberg and Reuters to track how geopolitical tensions in the tech sector affect supply chains and partnerships. The fallout from these extraction claims introduces new uncertainties into cross-border AI development and usage.
MIT Technology Review has previously documented how model extraction tools evolve in academic settings. In commercial environments, security teams rely on detecting repeated querying patterns or clusters of new account registrations to flag suspicious activity before large-scale distillation can occur.
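As an added illustration (not Anthropic's or any provider's actual detection code), the Python below combines the two signals named above: bursts of new registrations and repeated query patterns. The grouping key (signup subnet), the thresholds, the field names and all sample records are assumptions constructed for this example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample data: (account, signup_epoch_seconds, signup_subnet).
SIGNUPS = [("a1", 1000, "203.0.113.0/24"), ("a2", 1030, "203.0.113.0/24"),
           ("a3", 1075, "203.0.113.0/24"), ("a4", 1110, "203.0.113.0/24"),
           ("c1", 5000, "192.0.2.0/24"), ("c2", 5060, "192.0.2.0/24"),
           ("c3", 5100, "192.0.2.0/24"), ("b1", 1050, "198.51.100.0/24"),
           ("b2", 90000, "198.51.100.0/24")]
# Constructed prompts per account (assumed log format).
QUERIES = {
    "a1": ["Solve step by step: 12*7", "Solve step by step: 9*33"],
    "a2": ["Solve step by step: 41*6", "Solve step by step: 8*19"],
    "a3": ["Solve step by step: 5*77", "Solve step by step: 23*4"],
    "a4": ["Solve step by step: 64*3", "What is the capital of France?"],
    "c1": ["Summarize this essay"], "c2": ["Explain photosynthesis"],
    "c3": ["Fix the off-by-one error in my for loop"],
}

def signup_bursts(signups, max_gap_s=300, min_accounts=3):
    """Accounts from one subnet whose consecutive signups are <= max_gap_s apart."""
    by_net = defaultdict(list)
    for acct, ts, net in signups:
        by_net[net].append((ts, acct))
    bursts = []
    for rows in map(sorted, by_net.values()):
        run = []
        for row in rows:
            if run and row[0] - run[-1][0] > max_gap_s:
                bursts.append(run)  # gap too large: close the current run
                run = []
            run.append(row)
        bursts.append(run)
    return [[a for _, a in r] for r in bursts if len(r) >= min_accounts]

def template(prompt):
    """Collapse digits and quoted strings so prompts differing only in slots match."""
    return re.sub(r"\d+", "<N>", re.sub(r'"[^"]*"', "<STR>", prompt.lower())).strip()

def top_template_share(accounts, queries):
    """Share of the group's prompts that fall into its most common template."""
    counts = Counter(template(q) for a in accounts for q in queries.get(a, []))
    total = sum(counts.values())
    return counts.most_common(1)[0][1] / total if total else 0.0

def flag_candidates(signups, queries, min_share=0.8):
    """Signup bursts whose members also send near-identical prompt templates."""
    return [sorted(b) for b in signup_bursts(signups)
            if top_template_share(b, queries) >= min_share]
```

Requiring both signals keeps the constructed `c1`-`c3` group, which registers in a burst but sends unrelated prompts, out of the result, while the `a1`-`a4` group is flagged.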
Major AI developers are adapting their guardrails in response to extraction risks. Mitigation strategies include exploring rate limiting tied to behavioral analysis rather than static quotas, and investing in watermarking approaches to identify whether a competitor’s model was trained on proprietary outputs.
The Anthropic allegations highlight a shift in AI competition. The rivalry encompasses not just building systems, but protecting valuable generated behaviors against automated, large-scale extraction operations.