Anthropic says Alibaba must be punished for largest Claude cloning attack

2026-06-25 · Source: AI - Ars Technica · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy · Depth: Intermediate, medium

Summary

Anthropic has accused Chinese firm Alibaba and its AI lab, Alibaba Qwen, of orchestrating the largest campaign to illicitly extract Claude's capabilities to date. Between April 22 and June 5, Alibaba allegedly generated over 28.8 million exchanges with Claude through nearly 25,000 fraudulent accounts, targeting advanced features like agentic reasoning and long-horizon tasks. This campaign, which Anthropic claims evaded detection using obfuscation techniques, occurred despite a prior Trump administration warning against "industrial-scale" AI theft. Anthropic asserts these attacks turn US R&D into a subsidy for geopolitical competitors and seeks legislative action, including updated antitrust laws for information sharing, stricter export controls on chips, and penalties for firms engaging in such "bad behavior." Chinese tech founder Zhou Hongyi of 360 Security Technology confirmed China's urgent need to develop its own "Mythos-like" AI, highlighting the strategic disadvantage of lacking access to advanced US models.

Key takeaway

For Directors of AI/ML concerned with intellectual property protection and national security, you should prioritize implementing advanced detection systems against large-scale model distillation attempts. Your teams must monitor for sophisticated obfuscation techniques and fraudulent account patterns. Consider advocating for policy changes that strengthen export controls on advanced compute. Penalize foreign entities engaging in illicit AI capability extraction, as these attacks directly undermine your R&D investments and national strategic advantage.

Key insights

Chinese firms are allegedly conducting large-scale distillation attacks to replicate US frontier AI capabilities, raising national security concerns.

Principles

• AI distillation attacks subsidize competitor R&D.
• Circumvention economies fuel illicit extraction.
• AI capability gaps create national security risks.

Method

Alibaba allegedly used obfuscation techniques and proxy networks to generate millions of exchanges with Claude via fraudulent accounts, targeting agentic reasoning and long-horizon tasks for capability extraction.

In practice

• Implement robust AI model access controls.
• Monitor for large-scale fraudulent account activity.
• Advocate for stronger export controls on advanced chips.

Topics

• AI Model Distillation
• Intellectual Property Theft
• National Security AI
• Export Controls
• Alibaba Qwen
• Anthropic Claude

Best for: CTO, VP of Engineering/Data, Executive, Policy Maker, Director of AI/ML, Tech Journalist

Related on AIssential

• US accuses China of “industrial-scale” AI theft. China says it’s “slander.” — The US government is preparing to counter alleged industrial-scale AI intellectual property theft by Chinese entities using distillation attacks.
• Anthropic slams Chinese AI firms for harvesting data from its Claude chatbot — AI frontier models accessed via APIs present a new attack surface for industrialized data distillation.
• CLAUDE JUST GOT BANNED — A U.S. government directive has banned Anthropic's AI due to a standoff over military usage terms, impacting its market position.
• Super Micro Co-Founder Arrested for Smuggling $2.5 Billion in NVIDIA GPUs to China — A sophisticated scheme allegedly diverted billions in US AI servers to China, raising national security and export control enforcement concerns.
• N.S.A. Lost Access to Powerful A.I. Model Amid Anthropic Dispute — Advanced AI models, like Anthropic's Mythos, can rapidly identify critical system vulnerabilities, posing both security and policy challenges.
• WTF is going on?! — Government export controls on advanced AI models highlight the risks of fear-based marketing and inherent jailbreaking vulnerabilities.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by AI - Ars Technica.