CHINA SENT 25,000 GHOST ACCOUNTS INTO CLAUDE AND RAN 28 MILLION FAKE CONVERSATIONS TO STEAL ITS BRAIN
The scale of China’s effort to extract Anthropic’s intellectual property through its own product is now part of the congressional record. In a letter sent to U.S. senators on June 10, Anthropic revealed that operatives linked to Alibaba’s Qwen AI lab conducted what the company described as the largest known distillation attack it has ever identified. Between April 22 and June 5 of this year, approximately 25,000 fraudulent accounts ran more than 28.8 million interactions with Claude, systematically querying the model to harvest its outputs and train a competing system.
The technique is called distillation. A competitor does not steal the model itself. It asks the model thousands of questions across carefully engineered prompts designed to elicit full reasoning capability, then uses those question and answer pairs to train a cheaper version of the same thing. The target is not user data. The target is the model.
Beyond the Alibaba attack, Anthropic also found that firms including Ant Group and ByteDance had routed corporate Claude access through Singapore subsidiaries and personal VPN subscriptions, both violations of Anthropic’s terms of service. Anthropic’s response includes computer time-zone monitoring, usage pattern detection, and government-issued ID verification for flagged accounts. The enforcement is ongoing and the workarounds, by Anthropic’s own admission, are still being discovered in real time.
Keywords: Anthropic China distillation attack, Alibaba Qwen Claude, AI data theft, Anthropic Chinese access loopholes