US accuses China of “industrial-scale” AI theft. China says it’s “slander.”

· Source: AI - Ars Technica · Field: Government & Public Sector — Public Policy & Governance, Regulatory & Compliance, International Relations & Diplomacy · Depth: Intermediate, short

Summary

The US government is preparing to address what it alleges is "industrial-scale theft of American artificial intelligence labs' intellectual property" by Chinese entities, primarily through "distillation attacks." These attacks involve prompting advanced AI models, such as OpenAI's models, Google's Gemini, and Anthropic's Claude, tens of thousands to millions of times through fraudulent accounts in order to train cheaper copycat models. Michael Kratsios, director of the White House Office of Science and Technology Policy, confirmed these campaigns, noting they use "tens of thousands of proxy accounts to evade detection and using jailbreaking techniques." US firms will soon receive government information to combat these attacks, while Congress is considering updating laws to impose severe penalties, potentially by categorizing "adversarial distillation" as both industrial espionage and a controlled technology transfer.

Key takeaway

For CTOs and VPs of Engineering overseeing AI development, this intelligence highlights an escalating threat of intellectual property theft via distillation attacks. You should prioritize implementing advanced monitoring for unusual API access patterns and invest in robust account authentication to detect and prevent large-scale model extraction attempts. Be prepared for potential changes in US export controls and intellectual property law that could impact international AI collaborations and technology transfers.

Key insights

The US government is preparing to counter alleged industrial-scale AI intellectual property theft by Chinese entities using distillation attacks.

Method

Foreign entities allegedly use "tens of thousands of proxy accounts" and "jailbreaking techniques" to prompt US frontier AI systems over 100,000 times, extracting proprietary information to train copycat models.

Best for: CTO, VP of Engineering/Data, Director of AI/ML, Policy Maker, Legal Professional, AI Security Engineer

Editorial summary, takeaway, and curation by AIssential. Original article published by AI - Ars Technica.