Anthropic Accuses Alibaba of Largest Known Distillation Attack — 29 Million Claude Conversations

Anthropic sent a formal letter to the US Senate Committee on Banking, Housing, and Urban Affairs accusing Alibaba's Qwen AI division of conducting the largest known distillation attack in AI history.

The accusation details:

• 28.8 million total conversations with Claude generated through 24,975 fraudulent accounts over 44 days (April 22 to June 5, 2026)

• The average fraudulent account generated approximately 1,155 conversations — a level of structured, systematic interaction inconsistent with legitimate user behavior

• Targeted capabilities included Claude's advanced agentic reasoning, software engineering assistance, and long-horizon task completion — the same capabilities that made Mythos Preview subject to export controls

• Attribution to Alibaba Qwen is based on API access patterns, account registration data, and prompting patterns matching known Qwen model training optimization techniques

• This attack dwarfs previous documented attempts: DeepSeek (150,000 exchanges), Moonshot AI (3.4 million exchanges), and MiniMax (13 million exchanges)

Anthopic's decision to send the accusation directly to the Senate Banking Committee — rather than pursuing civil litigation exclusively — is a calculated escalation. The committee's jurisdiction over financial sanctions and export controls means Anthropic is requesting legislative tools: expanded sanctions authority, mandatory AI platform authentication requirements, and new penalties for AI capability theft.

CNBC confirmed the accusation independently through corroborating documents.

Why It Matters: AI model capabilities are now being treated as intellectual property assets with national security dimensions. Any organization exposing proprietary AI behavior through public-facing APIs faces the same vulnerability — systematic behavioral scraping can replicate unique AI capabilities without ever accessing model weights.