Anthropic is pressing U.S. lawmakers to tighten the rules around AI model distillation, after accusing operators tied to Alibaba of running the biggest known attempt to siphon the capabilities of its Claude chatbot.
In a June 10 letter to Senate Banking, Housing, and Urban Affairs Committee Chairman Tim Scott and Ranking Member Elizabeth Warren, the company alleged that operators linked to Alibaba and its Qwen AI lab generated more than 28.8 million exchanges with Claude between April 22 and June 5, using nearly 25,000 accounts it described as "fraudulent", meaning they did not represent real, organic users.
What a distillation attack actually does
The technique, known as a distillation attack, allegedly zeroed in on Claude's agentic reasoning, software engineering, and long-horizon planning skills. By harvesting how the model responds, rivals can reproduce advanced behavior without paying the enormous cost of training a frontier AI system of their own.
"Beyond its scale, this campaign was striking for its brazen nature," Anthropic wrote, noting that "Alibaba is listed on the New York Stock Exchange, maintains business operations in the United States, and is accountable to U.S. investors and regulators."
Framed as a national security threat
Anthropic argued the issue runs deeper than intellectual property. It cast large-scale distillation as a national security problem, one that could speed up China's military and cyber AI capabilities while shrinking the United States' technological lead.
"When PRC labs distill these capabilities from U.S. models, they capture the returns on American investments without bearing the costs or risks associated with training frontier AI models," the letter said. "This inverts the economic logic that underwrites American AI leadership, turning billions of dollars' worth of research and development, compute, and other U.S. investments into a subsidy for our competitors."
The appeal lands as Washington sharpens its focus on protecting U.S. AI dominance. Earlier this month, President Donald Trump signed an executive order widening AI-powered cybersecurity programs, after holding it back over worries it might weaken America's standing against China.
What Anthropic wants Congress to do
The company laid out a list of asks for lawmakers:
- Expand intelligence sharing between frontier AI developers and the U.S. government.
- Clarify antitrust rules so AI companies can share information about distillation attacks.
- Tighten export controls on advanced AI chips and compute.
- Close loopholes that let Chinese firms tap overseas data centers.
- Impose penalties on companies behind large-scale model extraction.
An Anthropic spokesperson declined to comment specifically on the letter, but said: "We believe combating the threat of illicit distillation requires coordinated action between government and industry, and we will continue working with Congress and the administration to maintain American AI leadership."
Not the first such accusation
The letter builds on claims Anthropic made in February, when it said Chinese AI developers DeepSeek, Moonshot AI, and MiniMax had generated more than 16 million Claude exchanges using roughly 24,000 fraudulent accounts.
Those earlier allegations drew pushback from observers who pointed out that AI firms lean on similar techniques when training their own systems. Anthropic's response: conventional distillation is a legitimate way to build smaller, cheaper models, but pulling frontier capabilities through fraudulent access breaks its terms of service.
A blurry line across the industry
The fight over distillation has grown messier lately. In April, Elon Musk testified in federal court that xAI had "partly" used OpenAI models while training Grok, a reminder that distillation is a well-worn industry practice, even as companies keep arguing over where legitimate training ends and unauthorized extraction begins.
