Anthropic has accused Alibaba Group of orchestrating one of the largest known efforts by a Chinese company to extract capabilities from a leading U.S. artificial intelligence model, according to a letter the AI company sent to several U.S. senators and White House officials.
The letter claims that operators linked to Alibaba’s Qwen AI lab used nearly 25,000 fraudulent accounts to conduct 28.8 million exchanges with Anthropic’s Claude model between April and June. The activity focused on the model’s most advanced functions, including software engineering and agentic reasoning, in what Anthropic described as an attempt to replicate those capabilities at far lower cost through a process known as adversarial distillation, Bloomberg reports.
Anthropic said the campaign represented the most significant effort yet by a Chinese firm to leverage outputs from top U.S. models to accelerate its own development. The company warned that such distillation attacks are being carried out at industrial scale and that the resulting systems often lack the safety measures built into frontier U.S. models.
"These distillation attacks are carried out illicitly, systematically, and at industrial scale to harvest US Al capabilities across frontier labs and repackage them as their own without incurring the training and R&D costs required to train US frontier models," Anthropic wrote in its letter.
Alibaba declined to comment. An Anthropic spokesperson declined to discuss specifics of the letter but stressed the need for coordinated action between government and industry to address the issue.
The practice has alarmed US developers to the point that Anthropic, OpenAI and Alphabet Inc.’s Google have joined forces to share information about distillation attempts that violate their terms of service. Anthropic and OpenAI have each warned that Chinese AI startups, including DeepSeek and Minimax, have employed distillation to develop their own models. -Bloomberg
The letter arrives as U.S. policymakers consider new measures to restrict Chinese access to American AI capabilities. Sen. Bill Hagerty, R-TN., and Sen. Andy Kim, D-NJ, are preparing an amendment to defense legislation that would blacklist or sanction Chinese firms found to improperly use U.S. model outputs for training competing systems. A related bipartisan bill in the House, sponsored by Rep. Bill Huizenga, R-MI, and Rep. Sydney Kamlager-Dove, D-CA, is also under consideration for inclusion in the annual defense measure.
Anthropic’s letter noted that the Alibaba-linked activity continued after a White House memo in April directed agencies to crack down on large-scale exploitation of U.S. AI models through proxy accounts. The company urged the administration to take stronger steps to halt the practice, including clarifying antitrust rules to allow greater information sharing among U.S. firms and imposing penalties on entities engaged in systematic distillation.
The accusations add to existing pressure on Alibaba. Earlier this month, the Defense Department added the company to its list of Chinese firms designated as supporting the People’s Liberation Army. Alibaba has denied any military affiliation and filed a lawsuit this week seeking to overturn the designation.
The letter also comes at a moment of friction between Anthropic and the Trump administration. Less than two weeks ago, the Commerce Department imposed export controls on two of Anthropic’s newest models, Fable 5 and Mythos 5, citing national security concerns. Anthropic disabled access to those models for all users while it works to comply with the restrictions.
Anthropic said the Alibaba campaign fits a pattern seen in earlier efforts by other Chinese developers that the company flagged publicly earlier this year. The firm has joined OpenAI and Google in sharing information about suspected distillation attempts that violate their terms of service. Those companies have argued that the practice allows Chinese labs to acquire advanced capabilities without incurring the full research and development costs or implementing comparable safety controls.