Anthropic alleges Alibaba-linked operators targeted Claude's software engineering capabilities through mass distillation attacks

Anthropic just dropped a bombshell: operators linked to Alibaba’s ecosystem allegedly ran a massive, coordinated campaign to siphon capabilities from Claude’s AI models. The attack wasn’t subtle. It involved tens of thousands of fake accounts and millions of interactions designed to extract Claude’s software engineering and reasoning prowess.

The scale of the operation

According to Anthropic’s findings, three Chinese laboratories conducted these attacks: DeepSeek, Moonshot AI (which is backed by Alibaba), and MiniMax. Together, they created over 24,000 fake accounts and generated more than 16 million interactions with Claude’s models.

Moonshot AI was the most aggressive of the three. The Alibaba-backed lab alone accounted for over 3.4 million exchanges, all focused on extracting Claude’s capabilities in agentic reasoning, coding, and computer-vision tasks. That’s roughly 20% of the total interaction volume from a single operator.

Anthropic has since banned all accounts involved in the distillation activities. The company also noted that it does not offer commercial access to Claude in China, which means every one of those 24,000 accounts was created in violation of Anthropic’s terms of service from the start.