Anthropic has accused Chinese technology giant Alibaba of running the largest known unauthorized “distillation” attack against Claude, allegedly using nearly 25,000 fraudulent accounts to extract advanced AI capabilities over a six-week period.
TL;DR
- Anthropic claims Alibaba-linked operators generated more than 28.8 million Claude exchanges between April 22 and June 5, 2026.
- The company says the effort targeted Claude’s software engineering, agentic reasoning, and long-horizon task planning capabilities.
- Alibaba has not publicly responded to the allegations yet.
Anthropic has accused Alibaba Group of illicitly extracting capabilities from its Claude AI models, adding another major flashpoint to the escalating US-China AI rivalry.
According to Reuters, Anthropic said operators affiliated with Alibaba and Alibaba Qwen, the Chinese company’s AI lab, conducted what it called the largest known attack of its kind against the company. The campaign allegedly ran from April 22 to June 5, 2026, generating more than 28.8 million exchanges with Claude through almost 25,000 fraudulent accounts.
The method at the center of the accusation is known as distillation. In simple terms, it involves training a less capable AI model on outputs from a stronger model. Anthropic has previously said distillation can be legitimate when companies use it on their own systems, but it becomes illicit when competitors use it to acquire another lab’s capabilities without building them independently.
Business Insider reported that Sarah Heck, Anthropic’s head of policy, told US Senators Tim Scott and Elizabeth Warren in a June 10 letter that Alibaba-affiliated operators tried to “illicitly extract Claude’s capabilities” to train Alibaba’s own AI models. Heck also reportedly said such attacks are carried out “illicitly, systematically, and at industrial scale.”
Bloomberg Law reported that the campaign targeted some of Claude’s most valuable capabilities, including software engineering and agentic reasoning. The Wall Street Journal also reported that Anthropic described the incident as the largest known distillation attack against the company to date.
The allegation is not isolated. In February 2026, Anthropic said it had identified industrial-scale campaigns by DeepSeek, Moonshot, and MiniMax that generated more than 16 million Claude exchanges through around 24,000 fraudulent accounts. At the time, Anthropic warned that such campaigns were “growing in intensity and sophistication” and called for coordinated action from industry players, policymakers, and the global AI community.
Topics for more insights:
Anthropic says the concern is not just commercial. It argues that models built through illicit distillation may lack the safeguards used in frontier systems, potentially allowing advanced AI capabilities to spread into cyber, surveillance, military, or disinformation use cases with fewer protections.
Reuters also noted that the letter was sent ahead of a US Senate Banking Committee hearing on AI and that Anthropic supports US government efforts such as threat-intelligence sharing with private AI companies. Alibaba did not immediately respond to Reuters’ request for comment.
The case arrives as Alibaba faces growing scrutiny in the US. Reuters reported that Alibaba was added to the Pentagon’s Chinese military companies list this month, a designation it is challenging. Business Insider also reported that Alibaba sued the US government over that designation.
For the AI industry, the bigger question is how frontier model makers can defend their systems when access can be spread through fake accounts, resellers, proxies, and API-style usage patterns. If Anthropic’s allegations are proven, the incident could accelerate pressure for stronger identity checks, model-output monitoring, export controls, and cross-company threat sharing.


