AI Model Theft: Anthropic Accuses Chinese Labs of Claude Capabilities Extraction
US artificial intelligence company Anthropic said on Monday it had uncovered campaigns by three Chinese AI firms to illicitly extract capabilities from its Claude chatbot, in what it described as industrial-scale intellectual property theft. OpenAI leveled similar charges last month. The accusations highlight growing concerns about AI model theft, the use of proxy services and the implications for US export controls.
The Accusations: Distillation and Fraudulent Accounts
Anthropic alleges that DeepSeek, Moonshot AI, and MiniMax orchestrated coordinated campaigns to siphon off Claude’s capabilities using a technique known as “distillation.” Distillation involves using the outputs from a more powerful AI system – in this case, Claude – to rapidly boost the performance of a less capable one. According to Anthropic, the firms generated over 16 million exchanges with Claude through approximately 24,000 fake accounts [TechCrunch].
These campaigns specifically targeted Claude’s most differentiated capabilities: agentic reasoning, tool use, and coding. Anthropic stated that “These campaigns are growing in intensity and sophistication,” and warned that “The window to act is narrow.” [TechCrunch]
Circumventing Restrictions and Export Controls
To bypass Anthropic’s ban on commercial access from China, the labs allegedly routed traffic through proxy services that managed the vast networks of fraudulent accounts. This allowed them to circumvent US export controls on advanced chips intended to preserve American dominance in AI [TechCrunch]. The practice effectively allows the Chinese firms to acquire advanced AI capabilities at a fraction of the cost of independent development.
OpenAI’s Similar Claims and DeepSeek’s Rise
Anthropic’s accusations follow similar claims made by OpenAI earlier this month, accusing DeepSeek of using distillation to mimic its products [TechCrunch]. DeepSeek gained prominence last year with the release of its open-source R1 reasoning model, which reportedly matched the performance of leading American chatbots at a significantly lower cost [TechCrunch]. DeepSeek is expected to release DeepSeek V4 soon, which reports suggest could outperform both Claude and ChatGPT in coding [TechCrunch].
National Security Concerns and the Need for Coordinated Action
Anthropic argues that models built through illicit distillation are unlikely to retain the safety guardrails designed to prevent misuse, such as restrictions on developing bioweapons or enabling cyberattacks [TechCrunch]. The company has called for coordinated industry and government responses, stating that no single entity can address the issue alone [TechCrunch].
Hypocrisy Claims and Data Scraping Concerns
Anthropic’s accusations have been met with claims of hypocrisy, as the company itself has faced criticism for scraping data from the internet to train its AI models, including potentially copyrighted material [PCMag].
Campaign Specifics
The scale of the attacks differed between the firms. Anthropic tracked over 150,000 exchanges from DeepSeek focused on improving foundational logic and alignment, particularly around censorship-safe alternatives to sensitive queries [TechCrunch]. Moonshot AI generated over 3.4 million exchanges targeting agentic reasoning, tool use, coding, data analysis, and computer vision [TechCrunch]. MiniMax ran the largest operation, generating over 13 million exchanges [TechCrunch].