AI Distillation Attacks: US Firms Accuse Chinese Labs of Intellectual Property Theft
American companies are facing a growing threat from sophisticated “distillation attacks” – a technique used to illicitly extract the capabilities of advanced AI models. Recent accusations leveled against several Chinese AI laboratories highlight the escalating tensions in the global race to develop artificial intelligence and raise concerns about national security risks.
What is AI Distillation?
Distillation, also known as Model Extraction Attacks (MEA), involves training a smaller, less capable AI model on the outputs of a larger, more powerful one. While a legitimate practice used by AI labs to create smaller, cheaper versions of their models for wider use [1], it can also be exploited for malicious purposes. Competitors can use distillation to rapidly acquire advanced capabilities without investing the significant time and resources required for independent development. [3]
The Accusations
Anthropic recently accused DeepSeek, Moonshot AI, and MiniMax of conducting “industrial-scale” distillation campaigns against its Claude model. [2] These firms allegedly generated over 16 million exchanges with Claude using approximately 24,000 fraudulent accounts, violating Anthropic’s terms of service and regional access restrictions. [1] OpenAI has made similar accusations, indicating a broader pattern of activity. [2]
How the Attacks Operate
The accused firms reportedly used commercial proxy services to bypass restrictions and gain access to Claude. Once access was secured, they generated large volumes of carefully crafted prompts designed to extract specific capabilities from the model. [2] By analyzing Claude’s responses to these prompts, they could train their own models to mimic its performance at a fraction of the cost. [3]
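The pattern described above (many accounts behind shared proxy egress, each sending high volumes of templated prompts) leaves traces in ordinary API access logs. The following is an added example written for this page, not code from Anthropic, OpenAI or any other firm named here; it assumes a log record with the fields account_id, src_ip, ts and prompt, and the thresholds, IP ranges and log lines are constructed for illustration rather than taken from any real investigation. It scores each account on three independent signals (request burst rate, number of distinct accounts sharing a /24 egress block, and prompt templates reused across accounts) and reports accounts that trip at least two of them.

```python
"""Detect distillation-style scraping in LLM API access logs.

Added example, not from the article or any vendor's tooling. Assumes a
log record with fields account_id, src_ip, ts (epoch seconds) and prompt;
thresholds and sample records are constructed for illustration.
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    account_id: str
    src_ip: str
    ts: int
    prompt: str


# Assumed thresholds, tuned to the constructed sample below, not production values.
MAX_REQUESTS_PER_HOUR = 5
MIN_ACCOUNTS_PER_PREFIX = 3
MIN_ACCOUNTS_PER_TEMPLATE = 3


def ip_prefix(ip: str) -> str:
    """Return the /24 of an IPv4 address; proxy fleets often egress from one block."""
    return ".".join(ip.split(".")[:3]) + ".0/24"


def prompt_template(prompt: str) -> str:
    """Collapse quoted spans and numbers so prompts built from one template compare equal."""
    t = re.sub(r'"[^"]*"', '"<Q>"', prompt)
    t = re.sub(r"\d+", "<N>", t)
    return t.strip().lower()


def high_volume_accounts(reqs, limit=MAX_REQUESTS_PER_HOUR):
    """Accounts exceeding `limit` requests inside any one-hour sliding window."""
    by_acct = defaultdict(list)
    for r in reqs:
        by_acct[r.account_id].append(r.ts)
    flagged = set()
    for acct, times in by_acct.items():
        times.sort()
        lo = 0
        for hi in range(len(times)):
            while times[hi] - times[lo] >= 3600:
                lo += 1
            if hi - lo + 1 > limit:
                flagged.add(acct)
                break
    return flagged


def shared_prefix_accounts(reqs, min_accounts=MIN_ACCOUNTS_PER_PREFIX):
    """Map /24 prefixes to accounts seen behind them; keep prefixes with many accounts."""
    accts = defaultdict(set)
    for r in reqs:
        accts[ip_prefix(r.src_ip)].add(r.account_id)
    return {p: a for p, a in accts.items() if len(a) >= min_accounts}


def shared_template_accounts(reqs, min_accounts=MIN_ACCOUNTS_PER_TEMPLATE):
    """Prompt templates reused across `min_accounts` or more distinct accounts."""
    accts = defaultdict(set)
    for r in reqs:
        accts[prompt_template(r.prompt)].add(r.account_id)
    return {t: a for t, a in accts.items() if len(a) >= min_accounts}


def suspected_cluster(reqs):
    """Accounts that trip at least two of the three signals, sorted by id."""
    signals = [
        high_volume_accounts(reqs),
        set().union(*shared_prefix_accounts(reqs).values()),
        set().union(*shared_template_accounts(reqs).values()),
    ]
    votes = Counter(a for s in signals for a in s)
    return sorted(a for a, v in votes.items() if v >= 2)


# Constructed sample log: four accounts behind one TEST-NET-3 block (203.0.113.0/24),
# three of them sending the same problem-set template, plus one ordinary user.
T0 = 1_700_000_000  # constructed base timestamp


def _mk(acct, ip, offsets, prompt_fmt):
    return [Request(acct, ip, T0 + o, prompt_fmt.format(i)) for i, o in enumerate(offsets)]


SAMPLE_LOG = (
    _mk("acct-01", "203.0.113.10", [0, 60, 120, 180, 240, 300, 360],
        'Give a worked solution to problem {} from "set A"')
    + _mk("acct-02", "203.0.113.11", [0, 900], 'Give a worked solution to problem {} from "set B"')
    + _mk("acct-03", "203.0.113.12", [30, 1000], 'Give a worked solution to problem {} from "set C"')
    + _mk("acct-04", "203.0.113.13", [45], "Draft a polite email declining a meeting")
    + _mk("acct-05", "198.51.100.7", [10, 7200], "What is the capital of France?")
)

if __name__ == "__main__":
    print("suspected cluster:", suspected_cluster(SAMPLE_LOG))
```

On the constructed sample, acct-01 trips all three signals, acct-02 and acct-03 trip the shared-prefix and shared-template signals, and acct-04 (same block, unrelated prompt) is left alone: requiring two independent signals is what keeps a legitimate user behind a corporate NAT from being flagged on IP alone. In practice the /24 grouping would be replaced with ASN or known-proxy lists, and the template normalisation with a proper near-duplicate hash, but the scoring structure stays the same.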
The Risks
Illicitly distilled models pose significant risks, particularly concerning national security. Anthropic and other US companies build safeguards into their AI systems to prevent misuse, such as the development of bioweapons or malicious cyber activities. [1] Models created through distillation are unlikely to retain these safeguards, potentially allowing dangerous capabilities to proliferate. [1]
Industry Response and Future Outlook
Addressing this threat requires coordinated action among industry players, policymakers, and the global AI community. [1] The window to act is narrow, as these campaigns are growing in both intensity and sophistication. The situation highlights the increasing importance of protecting intellectual property in the rapidly evolving field of artificial intelligence and the potential for an “AI Cold War” between the United States and China. [3]