Anthropic has accused three Chinese AI startups—DeepSeek, Moonshot, and MiniMax—of conducting a large-scale campaign to exploit Claude to enhance their own models.

The labs in China generated over 16 million interactions with the chatbot through approximately 24,000 fraudulent accounts, violating usage terms and regional restrictions.

“We have high confidence in linking each campaign to a specific firm based on correlations of IP addresses, request metadata, infrastructural indicators, and confirmations from industry partners. They targeted Claude's most unique capabilities: agent reasoning, tool usage, and programming,” said Anthropic.

The firms employed distillation—training a less powerful neural network on the outputs of a more powerful one.

This is a widely used and legitimate method. Leading AI labs regularly distill their own models to create compact and cost-effective versions for clients.

“However, it can also be used illegally: competitors enhance their capabilities at the expense of others' LLMs with minimal time and costs compared to developing their own,” stated Anthropic in their blog.

The company emphasized that the window for responding to such “theft” is narrow, and the threat extends beyond a single company or region. Quick and coordinated actions from the industry, regulators, and the global AI community will be necessary to address it.

Why This is Dangerous

Anthropic explained the risks associated with this approach. Illegally distilled models do not retain necessary protective mechanisms, creating national security issues.

American companies are implementing systems to prevent the use of AI in developing biological weapons, malicious cyberattacks, and other dangerous activities. Models created through illegal distillation do not receive such restrictions.

Foreign labs could integrate unprotected capabilities into military and intelligence systems, allowing authoritarian governments to leverage advanced AI for cyberattacks, disinformation, and mass surveillance, the company added.

Ways to Combat This

Experts at Anthropic supported export restrictions to maintain U.S. leadership in AI. They stated that distillation attacks undermine these measures, allowing foreign labs to close the technological gap.

“Without transparency regarding such attacks, the rapid progress of Chinese labs is mistakenly interpreted as evidence of the ineffectiveness of export restrictions. In practice, their achievements largely depend on extracting capabilities from American models, and scaling such an approach requires access to advanced chips,” the company noted in its blog.

Anthropic outlined its own countermeasures:

  • Improving the detection system for distillation patterns;
  • Sharing technical indicators with other labs and cloud providers;
  • Strengthening verification of educational and research accounts;
  • Implementing countermeasures that reduce the effectiveness of illegal distillation.

This is not the first such accusation. In January 2025, shortly after DeepSeek-R1's explosive launch, the company was suspected of stealing data from OpenAI.

Continued Struggle with the Pentagon

Anthropic CEO Dario Amodei will meet with Defense Secretary Pete Hegseth at the Pentagon to discuss the military's use of the company's AI models.

Recently, there have been disagreements between the parties—Anthropic opposes the use of AI for mass surveillance of U.S. citizens and the creation of autonomous weapons. The Pentagon has made it clear that they intend to use LLMs “for all lawful scenarios” without restrictions.

It has reached the point where the Pentagon indicated a possible termination of the contract with Anthropic.

AI Vulnerability Scanner

Shares of leading public cybersecurity companies fell after Anthropic launched the Claude Code Security tool—an AI vulnerability scanner for code.

The company states that the new service “analyzes the entire codebase for vulnerabilities, checks each finding to minimize false positives, and suggests fixes.”

Claude conducts analysis “like an experienced security researcher”: it understands context, tracks data flows, and identifies vulnerabilities.

According to VentureBeat, Claude Opus 4.6 identified over 500 critical vulnerabilities that had persisted for decades despite expert reviews.

The five largest publicly traded American companies in IT security have seen double-digit declines in their stock prices over the past five days in the wake of this AI competitor:

  • Palo Alto Networks — -14%;
  • CrowdStrike — -18%;
  • Fortinet — -12%;
  • Cloudflare — -18%;
  • Zscaler — -19%.

Chart of Palo Alto Networks stock pricing. Source: Yahoo Finance.

Wedbush analysts stated that the sell-off is linked to concerns over the so-called AI Ghost Trade. They believe the market's reaction is misguided, and Palo Alto, CrowdStrike, and Zscaler will prove their effectiveness by 2026.

Recall that in February, OpenAI, in collaboration with Paradigm, introduced EVMbench—a benchmark for assessing the ability of AI agents to identify, fix, and exploit vulnerabilities in smart contracts.