Anthropic has accused Chinese e-commerce and technology giant Alibaba of orchestrating a massive campaign to illicitly extract capabilities from its Claude AI models, in what the company describes as the largest known model distillation attack against it.

According to a letter seen by Reuters, the campaign was conducted between April 22 and June 5, 2026, generating more than 28.8 million exchanges with Claude through nearly 25,000 fraudulent accounts. Anthropic alleges that operators affiliated with Alibaba and its AI lab Alibaba Qwen carried out the operation.

What Is Model Distillation and Why It Matters

Model distillation is a technique where a less capable AI model is trained on the outputs of a more powerful one — essentially learning by copying the stronger model's responses. While distillation is a legitimate research practice when done with consent, Anthropic says Alibaba's campaign was conducted on an industrial scale without authorization.

Anthropic stated that the distillation effort was designed to accelerate China's ability to reach the capabilities of its advanced Mythos Preview model. This follows a similar incident in February 2026, when Anthropic identified a campaign by Chinese AI startup DeepSeek and two other Chinese AI labs.

Also read: US blocks foreign access to Anthropic's most advanced AI — India calls it a wake-up call

28.8 Million Queries: How the Attack Worked

The sheer scale of the operation is unprecedented. Generating 28.8 million exchanges in just 44 days means the attackers averaged over 654,000 queries per day. To evade detection, they used approximately 25,000 different accounts, distributing the queries across a vast pool of identities to avoid triggering rate limits or abuse detection systems.

The attackers systematically queried Claude across a wide range of tasks, collecting the model's responses to train a competing system. Anthropic has not disclosed whether the distillation successfully replicated Mythos Preview-level capabilities, but the scale suggests a determined, well-resourced effort.

Broader US-China AI Tensions

The incident occurs against a backdrop of escalating US-China tensions over AI technology. On June 12 — just two days after Anthropic sent its letter to Alibaba — the US Commerce Department imposed controversial export restrictions on Anthropic's latest Mythos and Fable AI models, citing concerns they could be deployed by military intelligence users in China and other countries of concern.

The restrictions forced Anthropic to disable access to those models globally. The company has expressed support for US government efforts to combat these attacks, including partnering through threat-intelligence sharing initiatives.

Alibaba has not responded to requests for comment on the allegations.

Also read: ChatGPT investigations raise AI safety questions globally

What This Means for AI Companies and India

Model distillation attacks pose a fundamental challenge for AI companies that invest billions in training frontier models. If proprietary capabilities can be extracted at a fraction of the training cost, the economic moat around leading AI systems erodes significantly.

For India, the escalating US-China AI rivalry creates both risks and opportunities. Indian AI startups may face increased scrutiny when accessing US frontier models, but also have an opportunity to position themselves as a trusted third option between the US and China. Indian enterprises using AI services should be aware of model security risks in their supply chains.

The incident also highlights the importance of robust abuse detection systems. With 25,000 fraudulent accounts evading detection for 44 days, it raises questions about whether AI companies' fraud detection capabilities have kept pace with the scale of model theft attempts.

Sources: Reuters, US News & World Report, Bloomberg, The Australian Financial Review