
Anthropic Accuses Alibaba of Running the Largest Known Model Distillation Attack on Claude
Chris Harper
Jun 25, 2026 · 21:06 UTC
TL;DR: Anthropic says Alibaba used roughly 25,000 fake API accounts to run 28.8 million Claude exchanges — extracting training data for Alibaba's own models via adversarial distillation.
Anthropic wrote to U.S. officials accusing operators linked to Alibaba's Qwen AI lab of running a months-long adversarial distillation campaign. Between April 22 and June 5, 2026, around 25,000 fraudulent accounts generated nearly 29 million exchanges with Claude — specifically targeting its software engineering and agentic reasoning capabilities. Anthropic calls it "the largest known distillation attack on Anthropic to date."
Distillation is a known technique in the ML literature: a weaker "student" model trains on the outputs of a stronger "teacher" to inherit its capabilities at a fraction of the development cost. At API scale, an attacker can systematically sample outputs across task types to build a coverage dataset, without public disclosure or licensing.
Alibaba hasn't responded publicly.
Why it matters: Anthropic is now actively detecting large-scale API misuse patterns. If your team runs high-volume benchmarking, regression testing, or fine-tuning data generation using Claude's API outputs, verify your usage is within Anthropic's Acceptable Use Policy — unusual traffic patterns, especially those targeting specific capability domains, will be flagged.
Sources: CNBC | Bloomberg | Business Standard