Summary
- Anthropic claims that operators linked to Alibaba executed the largest known campaign for AI model distillation against its Claude chatbot.
- The firm is urging Congress to enhance export regulations, improve intelligence sharing, and penalize companies involved in extensive model extraction.
- This request coincides with legislative discussions focused on unauthorized access to advanced U.S. AI models.
Anthropic is appealing to Congress to bolster defenses against AI model distillation, alleging that operators associated with Alibaba conducted a significant operation to extract capabilities from its Claude chatbot.
In a letter dated June 10 addressed to Tim Scott, the Chairman of the Senate Banking, Housing, and Urban Affairs Committee, and Elizabeth Warren, the Ranking Member, Anthropic claimed that Alibaba-affiliated operators managed to generate over 28.8 million exchanges with Claude between April 22 and June 5 by utilizing nearly 25,000 “fraudulent accounts,” which did not represent genuine users.
This practice, referred to as a distillation attack, was said by Anthropic to specifically target Claude's reasoning, software engineering, and long-term planning functionalities, enabling competitors to emulate advanced model performance without incurring the costs associated with training a cutting-edge AI system.
“This campaign was notable not only for its scale but also for its audacity,” Anthropic remarked. “Alibaba is publicly traded on the New York Stock Exchange, operates within the United States, and is subject to the oversight of U.S. investors and regulators.”
According to Anthropic, this initiative transcends mere intellectual property issues, framing large-scale model distillation as a matter of national security that could enhance China's military and cyber AI capabilities, thereby diminishing the technological advantage of the United States.
This appeal comes as Washington ramps up efforts to safeguard U.S. leadership in AI. Earlier this month, President Donald Trump signed an executive order aimed at enhancing AI-driven cybersecurity efforts after previously delaying the initiative due to apprehensions it might undermine America’s competitive edge against China.
“When PRC labs extract these capabilities from U.S. models, they reap the benefits of American investments without assuming the costs or risks involved in training advanced AI models,” Anthropic stated. “This reverses the economic rationale that supports American AI leadership, transforming billions of dollars worth of research and development, computing, and other U.S. investments into a subsidy for our rivals.”
Anthropic has urged lawmakers to increase intelligence sharing between leading AI developers and the U.S. government, clarify antitrust regulations to facilitate information sharing about distillation attacks among AI firms, tighten export restrictions on high-level AI chips and computing resources, close loopholes that permit Chinese companies to access international data centers, and enforce penalties on firms engaged in extensive model extraction.
An Anthropic spokesperson declined to offer specific comments on the letter but stated to Decrypt, "We believe that addressing the threat of illicit distillation necessitates coordinated efforts between the government and industry, and we will persist in collaborating with Congress and the administration to uphold American AI leadership."
This letter also builds upon Anthropic's earlier claims from February, asserting that Chinese AI developers DeepSeek, Moonshot AI, and MiniMax conducted over 16 million exchanges with Claude using around 24,000 fraudulent accounts.
The allegations faced skepticism from observers who pointed out that AI companies often employ similar techniques in training their systems. Anthropic has countered that standard distillation is an accepted practice for creating smaller, more cost-effective models, while unauthorized extraction of advanced model capabilities through deceptive access breaches its terms of service.
The ongoing discourse surrounding distillation has grown increasingly complex in recent months. In April, Elon Musk testified in federal court that xAI had "partly" utilized OpenAI models during the training of Grok, highlighting that distillation is a recognized industry standard—even as businesses debate where legitimate model training concludes and unauthorized model extraction commences.