Anthropic says Alibaba used fake accounts to distill Claude AI data

Anthropic said operators affiliated with Alibaba and its Qwen AI lab ran what it called the largest known distillation attack it had identified against the company, using nearly 25,000 fraudulent accounts to generate more than 28.8 million exchanges with Claude.

The alleged campaign ran from April 22 to June 5, 2026, and focused on Claude’s most advanced capabilities, including software engineering and agentic reasoning. Anthropic said the activity was designed to help improve Alibaba’s own AI system by using Claude outputs to train a smaller, less capable model, a practice Anthropic calls distillation.

Anthropic also said the accounts were used to get around its geographic restrictions, which bar access to Claude inside China. The company said its concern is not only that model outputs were copied, but that illicitly distilled systems can lose safety safeguards and create national security risks.

The allegations land in the middle of a wider U.S.-China fight over artificial intelligence, export controls and model security. Anthropic has already warned this year about similar distillation attempts by other Chinese AI developers, sharpening concern in Washington that frontier models can be exploited without a conventional breach of source code or infrastructure.

Anthropic sent the letter laying out the allegations to Senate Banking Committee Chairman Tim Scott and Ranking Member Elizabeth Warren on June 10, 2026. The timing places the dispute squarely before lawmakers who have been weighing how to treat advanced AI systems as strategic technology assets, not just commercial products.

The company’s account also highlights how thin the enforcement perimeter can be around frontier models. Nearly 25,000 fake accounts and 28.8 million exchanges point to a scale of interaction that could be hard to distinguish from legitimate user traffic, even as the target shifted toward the model behaviors most valuable for downstream replication.

Alibaba did not immediately respond to a request for comment. The silence leaves the allegation hanging over one of China’s most prominent AI groups and adds to pressure on U.S. officials who are already looking at model extraction as a security vulnerability as much as an intellectual property dispute.