Anthropic Accuses Alibaba of Largest Claude AI Distillation Attack
Published
Key Takeaways
- Alleged Attack: Anthropic accused Alibaba and its AI lab Alibaba Qwen of the largest known distillation attack on its Claude AI model.
- Scale Detailed: The campaign reportedly generated 28.8 million exchanges through nearly 25,000 fraudulent accounts between April 22 and June 5, 2026.
- Senate Notified: Anthropic detailed the activity in a June 10 letter to Senators Tim Scott and Elizabeth Warren.
Anthropic has accused Alibaba and its AI lab Alibaba Qwen of carrying out the largest known model distillation attack against the company, illicitly extracting capabilities from its Claude AI model. The accusation appears in a letter dated June 10, sent to U.S. Senate Banking Committee Chair Tim Scott and Ranking Member Elizabeth Warren.
According to the letter, operators affiliated with Alibaba and Alibaba Qwen conducted the campaign between April 22 and June 5, 2026, generating more than 28.8 million exchanges with Claude through almost 25,000 fraudulent accounts.
Claude Distillation Accusations
Anthropic described "distillation" as training a less capable model on the outputs of a stronger one. The company said, cited by Reuters, that the effort was designed to accelerate China's ability to reach the company's advanced Mythos Preview capabilities.
The Alibaba allegation follows earlier disclosures. In a February posting, Anthropic identified campaigns by Chinese AI labs to extract capabilities from Claude.
DeepSeek's operation involved over 150,000 exchanges, Moonshot AI reached more than 3.4 million, and MiniMax exceeded 13 million. Anthropic warned the campaigns were growing in "intensity and sophistication."
Policy Fallout and Trade Restrictions
Alibaba was added to the Pentagon's Chinese military companies list, along with Huawei, Tencent, and TP-Link, a designation it is challenging.
On June 12, two days after Anthropic's letter, the Commerce Department imposed restrictions on Anthropic's latest Mythos and Fable AI models, citing fears they could be deployed by military intelligence users in China and other countries of concern. The restrictions led Anthropic to disable access to the models globally.
In March, Claude Code was weaponized in a Mexican government cyberattack that exposed roughly 195 million identities. In early 2025, KELA researchers warned that Alibaba’s Qwen2.5-VL AI model was vulnerable to prompt injection exploits.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular