Anthropic has accused Chinese tech giant Alibaba of orchestrating the largest campaign ever to illegally copy its Claude AI model, generating over 28.8 million interactions through nearly 25,000 fraudulent accounts between April and June 2026. The revelation exposes a critical vulnerability in the US-China AI competition: even as the Trump administration tightens export controls on advanced chips, Chinese companies are finding cheaper ways to catch up by stealing the capabilities of American AI systems rather than building their own from scratch.

In a confidential letter sent to Senators Tim Scott and Elizabeth Warren on June 10, Anthropic detailed how Alibaba and its AI research division, Alibaba Qwen, allegedly targeted Claude's most valuable features, including advanced reasoning abilities, software engineering skills, and long-horizon task planning. The attackers used obfuscation techniques and proxy networks to evade detection, according to Anthropic's account.

Why Is This Attack Different from Previous Cloning Attempts?

This campaign stands out not just for its scale but for its timing and apparent disregard for official warnings. In April 2026, President Trump had already accused China of "industrial-scale" AI theft after Anthropic revealed that three other Chinese firms, DeepSeek, Moonshot, and MiniMax, had conducted similar attacks generating over 16 million exchanges with Claude through approximately 24,000 fraudulent accounts. Yet Alibaba allegedly continued its extraction efforts weeks after Trump's memo explicitly warned that cloning attempts were "unacceptable".

Anthropic emphasized that Alibaba's behavior was particularly brazen because the company maintains significant ties to the United States. Alibaba is listed on the New York Stock Exchange, operates US business operations, and answers to American investors and regulators. The company's apparent willingness to proceed despite these connections and Trump's explicit warnings suggests that the incentives to copy US AI models may outweigh the risks of regulatory punishment.

What Makes These Distillation Attacks So Dangerous?

The attacks represent what Anthropic calls a "growing circumvention economy," where Chinese labs can bypass the enormous costs of training frontier AI models from scratch. Building a state-of-the-art AI model like Claude requires hundreds of billions of dollars in research and development investment. By extracting Claude's capabilities through fraudulent account access, Alibaba could potentially accelerate its own AI development without incurring those massive training costs.

Anthropic warned that if these distillation attacks succeed at scale, they effectively turn "hundreds of billions of dollars in American investment and R&D into a massive subsidy for our geopolitical competitors." The concern extends beyond economic loss. If China develops AI models with capabilities matching or exceeding Anthropic's Mythos model, which excels at finding cybersecurity vulnerabilities, the national security implications could be severe.

Anthropic

Chinese tech leaders have publicly acknowledged the stakes. At a cybersecurity conference in Beijing, 360 Security Technology founder Zhou Hongyi described Anthropic's Mythos as a "cyber nuclear weapon" and warned that China's lack of access to the model puts the country at a significant disadvantage. Zhou noted that Project Glasswing, which granted more than 40 US organizations access to Mythos Preview to strengthen cyber defenses, excluded China entirely. He argued that China must race to develop its own Mythos-equivalent model to avoid being left behind in what he called a "game-changing weapon in cyber warfare".

Zhou Hongyi

How to Strengthen AI Security Against Distillation Attacks

Anthropic has proposed a three-part legislative framework to combat these threats and maintain US AI leadership:

• Antitrust Law Updates: Allow AI companies to share information about evolving Chinese tactics and attack patterns without violating antitrust regulations, enabling the industry to coordinate defenses more effectively.
• Enhanced Chip Export Controls: Implement stricter restrictions on Chinese access to advanced semiconductors, making it computationally infeasible for Chinese labs to train on outputs from US models or conduct large-scale distillation attacks.
• Penalties for Bad Behavior: Pass legislation that penalizes Chinese AI labs for conducting distillation attacks, potentially by restricting their access to US models, advanced chips, or overseas data centers.

These measures reflect a shift in how policymakers view the AI competition. Rather than focusing solely on chip restrictions, which have proven difficult to enforce, the focus is now on making distillation attacks themselves more costly and risky.

What Are the Broader Implications for US-China Competition?

Alibaba's alleged campaign underscores a fundamental challenge in the US-China AI race: controlling access to advanced models is harder than controlling access to hardware. While the US has successfully restricted China's ability to purchase cutting-edge semiconductors, Chinese companies have found workarounds by accessing US AI models through legitimate channels, then extracting their capabilities through automated attacks.

The stakes are particularly high because of the speed advantage that distillation provides. Anthropic warned that without stronger interventions, these attacks will "help China reach Mythos Preview-level capabilities sooner." The larger the capability gap between US and Chinese AI systems, the more time the US government has to prepare defensive measures and deploy AI systems across national security domains. If China closes that gap rapidly through distillation, the US loses that crucial preparation window.

Anthropic

Alibaba has already begun fighting back against US scrutiny. On Tuesday, the company filed a lawsuit challenging the Trump administration's designation of Alibaba as a company with military connections, claiming the blacklisting has "no basis in fact or law." Alibaba stated that it is "governed by an independent board, none of whom has any military affiliation" and that its products serve retail, logistics, and enterprise information technology, not defense or intelligence.

However, Anthropic remains unconvinced of Alibaba's independence from the Chinese government. The company's letter to Congress suggests that without coordinated government and industry action, the distillation attack threat will only grow. As Anthropic stated in a comment to the press, "We believe combating the threat of illicit distillation requires coordinated action between government and industry, and we will continue working with Congress and the Administration to maintain American AI leadership".

As Anthropic

The Alibaba case reveals that the real battleground in the US-China AI race may no longer be about who can build the most powerful models, but rather who can prevent others from copying them. For now, that battle appears to be tilting in China's favor.