Anthropic has identified large-scale campaigns by DeepSeek, Moonshot AI, and MiniMax to extract capabilities from its Claude models. The company stated that these three labs generated over 16 million exchanges with Claude using approximately 24,000 fraudulent accounts, violating terms of service and access restrictions. Anthropic attributes these campaigns to IP correlations, metadata, infrastructure indicators, and industry partner corroboration.
The method used, known as "distillation," trains smaller models on the outputs of more capable ones. While commonly used internally, Anthropic asserts it was deployed here to replicate Claude’s reasoning, coding, and tool use capabilities at scale.
DeepSeek reportedly conducted over 150,000 exchanges focused on reasoning tasks and detailed explanations for generating training data. Moonshot AI initiated more than 3.4 million exchanges targeting agentic reasoning, coding, and computer use. MiniMax accounted for over 13 million exchanges, with Anthropic detecting the activity and observing traffic shifts following new model releases.
Anthropic warns that models developed through such illicit distillation may lack crucial safety guardrails, potentially enabling misuse in areas like cyber operations or biological threats. The company argues this activity could undermine US export controls by allowing foreign entities to replicate restricted capabilities.
In response, Anthropic has implemented new behavioral detection systems, enhanced account verification, shared intelligence with industry peers and authorities, and is developing product and API-level safeguards. They emphasize that addressing large-scale distillation requires coordinated action from AI labs, cloud providers, and policymakers.