Anthropic Accuses Chinese AI Labs of Stealing Claude's Know-How Through Millions of Queries

Anthropic revealed that Chinese AI labs, including DeepSeek and Moonshot AI, used thousands of fraudulent accounts to steal the core capabilities of its AI model, Claude.

This incident signals that the U.S.-China AI competition is shifting from a hardware race over chips to a software war over model knowledge and know-how.

This type of "distillation" attack occurred because stringent U.S. export controls and corporate policies made it difficult for Chinese firms to close the technology gap through legitimate means.

Anthropic recently uncovered a large-scale effort by Chinese AI labs to steal the capabilities of its advanced AI model, Claude.

At the heart of this issue is a technique called distillation. Imagine trying to copy a brilliant chef's skills not by stealing their recipe book, but by ordering every dish on their menu thousands of times to figure out the secret ingredients and techniques. That's essentially what happened here. Chinese firms, including DeepSeek, Moonshot AI, and MiniMax, allegedly used over 24,000 fake accounts to bombard Claude with more than 16 million questions. Their goal wasn't to use Claude as a normal user would, but to systematically extract its unique abilities in reasoning, coding, and tool use to train their own competing models.

This event is significant because it marks a major shift in the U.S.-China technology competition. For years, the focus has been on hardware—specifically, restricting China's access to advanced semiconductor chips needed to train powerful AI. This incident, however, shows the battleground is expanding to the AI models themselves. It's no longer just about who has the best chips, but about who can protect their model's intellectual property and know-how.

The causal chain leading to this is quite clear. First, the U.S. government implemented strict export controls on AI chips and began regulating AI model access. Second, major U.S. AI labs like Anthropic and OpenAI updated their Terms of Service (ToS) to prohibit using their models to train competitors and blocked access from China. These restrictions created a powerful incentive for Chinese companies, who were falling behind, to find a workaround. The solution was to use proxy networks and fraudulent accounts to bypass the restrictions and distill the knowledge from U.S. models.

Anthropic has framed this not just as a commercial dispute but as a national security risk. If these copied capabilities are used in military or surveillance systems with fewer safety guardrails, the implications could be serious. This event will likely lead to calls for tighter security at the cloud level and new regulations targeting this new front in the AI data war.

Distillation: In AI, this is a process where a smaller, more efficient model (the "student") is trained to mimic the behavior and outputs of a larger, more powerful model (the "teacher"). In this case, it was used to steal proprietary capabilities.
Terms of Service (ToS): The legal agreement between a service provider and a user. It outlines the rules and guidelines for using the service, which in this case prohibited using model outputs to train competing AIs.
API (Application Programming Interface): A set of rules and tools that allows different software applications to communicate with each other. Companies used Claude's API to send millions of automated queries.

Anthropic Accuses Chinese AI Labs of Stealing Claude's Know-How Through Millions of Queries

Anthropic revealed that Chinese AI labs, including DeepSeek and Moonshot AI, used thousands of fraudulent accounts to steal the core capabilities of its AI model, Claude.

This incident signals that the U.S.-China AI competition is shifting from a hardware race over chips to a software war over model knowledge and know-how.

This type of "distillation" attack occurred because stringent U.S. export controls and corporate policies made it difficult for Chinese firms to close the technology gap through legitimate means.

Anthropic recently uncovered a large-scale effort by Chinese AI labs to steal the capabilities of its advanced AI model, Claude.

Distillation: In AI, this is a process where a smaller, more efficient model (the "student") is trained to mimic the behavior and outputs of a larger, more powerful model (the "teacher"). In this case, it was used to steal proprietary capabilities.
Terms of Service (ToS): The legal agreement between a service provider and a user. It outlines the rules and guidelines for using the service, which in this case prohibited using model outputs to train competing AIs.
API (Application Programming Interface): A set of rules and tools that allows different software applications to communicate with each other. Companies used Claude's API to send millions of automated queries.