Anthropic Accuses Alibaba of Largest Known Distillation Attack: 29 Million Claude Conversations Stolen
View original source →Anthropic sent a formal letter to the US Senate Committee on Banking, Housing, and Urban Affairs accusing Alibaba's Qwen AI division of conducting the largest known distillation attack in AI history.
Key points:
• Scale: 28.8 million total conversations with Claude, generated through 24,975 fraudulent accounts, conducted between April 22 and June 5, 2026 (44 days)
• The average fraudulent account generated approximately 1,155 conversations—a level of structured, systematic interaction inconsistent with legitimate user behavior
• Targeted capabilities: Claude's advanced agentic reasoning, software engineering assistance, and long-horizon task completion—the same capabilities that made Mythos Preview subject to the US export control order
• Attribution is based on API access patterns, account registration data, and prompting patterns matching known Qwen model training optimization techniques
• This dwarfs previous documented attempts: DeepSeek (150,000 exchanges), Moonshot AI (3.4 million), MiniMax (13 million)
• The Senate Banking Committee was chosen because its jurisdiction over financial sanctions and export controls enables legislative tools beyond civil litigation—expanded sanctions authority, mandatory authentication requirements, and new penalties for AI capability theft
• CNBC independently confirmed the accusation through corroborating documents
Why It Matters: If Chinese labs are systematically scraping frontier model outputs at this scale to train competitive models, any organization exposing proprietary AI behavior through public interfaces faces the same vulnerability. The distillation attack steals learned reasoning behavior by exhaustively sampling outputs—meaning organizational AI capabilities in system prompts or behavioral training can be replicated without accessing model weights.