Anthropic accuses Alibaba of using 25,000 fraudulent accounts to probe Claude AI models

Anthropic just lobbed a very public grenade at one of China’s biggest tech conglomerates. In a letter sent to US senators and White House officials, the company behind Claude AI accused Alibaba’s Qwen AI lab of orchestrating an industrial-scale operation to siphon proprietary knowledge from its models.

The numbers are staggering. Anthropic claims roughly 25,000 fraudulent accounts were used to conduct 28.8 million interactions with Claude between April 22 and June 5, 2026. That’s not someone poking around out of curiosity. That’s a coordinated extraction campaign.

What a distillation attack actually looks like

A distillation attack involves systematically querying a more advanced AI model to generate training data for a competing, typically cheaper model. The attacker doesn’t need to steal source code. They just need enough high-quality outputs to teach their own system how to mimic the target.

Anthropic’s letter, dated June 10 and addressed to Sens. Tim Scott and Elizabeth Warren along with White House officials, describes the operation as “the largest known distillation attack on Anthropic to date.” The company says the fraudulent accounts specifically targeted Claude’s capabilities in software engineering and agentic reasoning, two of the most commercially valuable frontiers in AI development.