Anthropic accuses Alibaba of largest known distillation attack on Claude

Anthropic publicly accused Alibaba of carrying out what it called the largest known distillation attack against its Claude models — an unauthorized effort to extract model capabilities by systematically querying Claude and training a rival on the outputs. Related reporting referenced Anthropic's claim that Alibaba used roughly 25,000 fake accounts to distill Claude, indicating a large-scale, coordinated extraction rather than incidental scraping.
Model distillation attacks work by treating a target model as a teacher: an attacker floods it with prompts, captures the responses, and uses that data to fine-tune a cheaper student model that approximates the original's behavior. At scale, this can transfer meaningful capability while circumventing the cost of training a frontier model from scratch — and it's notoriously hard to fully prevent because the model must respond to legitimate queries to be useful.
The accusation lands amid escalating US–China AI tensions and directly complicates Alibaba's positioning as it touts frontier models like Qwen3.7-Max. It also spotlights a genuine security gap in frontier-model deployment: even well-defended APIs are vulnerable to patient, distributed extraction. The 25,000-fake-account detail, if accurate, suggests detection and account-integrity controls were the primary failure point.
Strategically, the dispute reinforces the week's US–China frontier rivalry, sitting alongside DeepSeek's raise, cheaper Chinese models capturing OpenRouter share, and government export controls on frontier models. It gives Western labs and policymakers a concrete example to cite in debates over model security and export policy. Watch for Alibaba's response, any evidence Anthropic publishes, and whether this prompts new anti-distillation defenses or contractual/legal action across the industry.