Anthropic is rolling out a stricter enforcement regime designed to stop Chinese entities from accessing its Claude models, whether through direct API abuse or the kind of elaborate workarounds that its existing rules technically didn’t cover.
The proximate cause is hard to ignore. According to a letter Anthropic sent to U.S. senators on June 10, 2026, operatives linked to Alibaba’s Qwen AI lab executed what the company described as the largest known distillation attack it has ever identified. Between April 22 and June 5, 2026, roughly 25,000 fraudulent accounts generated more than 28.8 million interactions with Claude. The goal: systematically extract Claude’s capabilities to train a competing model without paying for the research that produced them.
What a distillation attack actually is
Distillation means feeding a powerful model enormous volumes of questions and logging its answers, then using that data to train a cheaper model that mimics the original’s behavior.
In its June letter to senators, Anthropic called for two things: better information sharing between U.S. AI companies when distillation attacks are detected, and significantly harsher penalties for anyone caught running one.












