Anthropic has accused Chinese tech giant Alibaba of staging the largest distillation attack ever detected, using nearly 25,000 fraudulent accounts to generate over 28.8 million exchanges with Claude between April 22 and June 5.
The attack sought to extract Claude’s most advanced capabilities-agentic reasoning, software engineering, and long-horizon tasks-without incurring the massive training costs that U.S. labs bear. Operators linked to Alibaba and its Qwen AI lab used obfuscation techniques and proxy networks to evade detection, Anthropic told Senators Tim Scott and Elizabeth Warren in a June 10 letter.
Alibaba allegedly continued the campaign after President Trump warned in April that such industrial-scale AI theft was unacceptable, and despite Alibaba’s listing on the New York Stock Exchange and its accountability to U.S. regulators. Anthropic says the event underscores the need for stricter legislation: antitrust exemptions for sharing threat intelligence, tighter chip export controls, and penalties for labs that rely on distillation attacks.
China’s AI race has intensified sharply since Anthropic released Mythos, a model with unprecedented cybersecurity capabilities that remains restricted outside the U.S. At a Beijing conference, 360 Security Technology founder Zhou Hongyi compared Mythos to a “cyber nuclear weapon” and urged China to build its own equivalent to avoid strategic disadvantage. Alibaba’s Qwen family has been downloaded more than 700 million times, and the company’s stock fell 3% after the allegations surfaced.
Alibaba denies any military ties and has sued the Trump administration to remove a Pentagon blacklisting it calls baseless. Anthropic, however, insists that if unchecked, such distillation campaigns will rapidly close the gap between U.S. and Chinese frontier models, threatening American cyber defenses.