Anthropic reports industrial-scale distillation attacks by Chinese AI labs on Claude

Industrial-scale model extraction operation

Anthropic has published findings detailing coordinated distillation attacks against Claude by three Chinese AI laboratories. The attacks involved creating fraudulent accounts at scale to extract Claude's reasoning capabilities through massive API interactions.

Key attack details from Anthropic's report

• DeepSeek, Moonshot, and MiniMax created over 24,000 fraudulent accounts
• Total exchanges with Claude exceeded 16 million
• MiniMax alone fired 13 million requests
• When Anthropic released a new model, MiniMax redirected nearly half its traffic within 24 hours
• DeepSeek specifically targeted thought chains and censorship-safe answers
• Attacks grew in sophistication over time as the labs adapted their methods

Security implications for AI developers

This incident highlights vulnerabilities in AI model security when billion-dollar labs systematically attempt to extract proprietary capabilities. The scale and persistence of these attacks—spanning multiple organizations and adapting to new model releases—suggests this represents an ongoing threat vector rather than isolated incidents.

The methods used (fraudulent account creation, targeted querying for specific capabilities, rapid adaptation to new model versions) could potentially be replicated against other AI systems, raising questions about the security of third-party AI tools that developers integrate into their workflows.