Anthropic demands punishment for largest Claude cloning attack
▼ Summary
– Anthropic accused Alibaba of conducting the largest known campaign to copy its Claude AI model, generating over 28.8 million exchanges through nearly 25,000 fraudulent accounts between April 22 and June 5.
– The attacks targeted Claude’s most valuable capabilities, including agentic reasoning, software engineering, and long-horizon tasks, violating terms of service and access restrictions.
– Alibaba allegedly evaded detection using obfuscation techniques and proxy networks, with Anthropic warning of a growing “circumvention economy” to support future distillation attacks.
– Anthropic stated that Alibaba’s aim was to extract Claude’s capabilities without incurring the training and R&D costs, turning US investment into a subsidy for geopolitical competitors.
– The campaign occurred after Trump took steps to curb such attacks, following prior accusations against Chinese firms DeepSeek, Moonshot, and MiniMax for similar illicit distillation activities.
Anthropic has formally accused the Chinese tech giant Alibaba of orchestrating what it describes as the most aggressive campaign yet to replicate its Claude AI model. The allegation comes as China intensifies efforts to close the gap with American frontier AI systems, particularly after the release of Mythos and subsequent restrictions that limited foreign access.
A letter obtained by Ars, dated June 10 and addressed to Senators Tim Scott (R-SC) and Elizabeth Warren (D-Mass.), was sent just one day before a Senate committee hearing titled “AI and the American Dream.” In that correspondence, Anthropic revealed what it called “new, confidential evidence of the largest campaign to illicitly extract Claude’s capabilities we have ever measured.”
According to Anthropic, the attacks unfolded between April 22 and June 5. During that window, “operators affiliated with Alibaba and Alibaba Qwen, Alibaba’s AI lab” allegedly generated “more than 28.8 million exchanges with Claude through almost 25,000 fraudulent accounts.” The company stated that this effort violated Claude’s terms of service and access restrictions, and it specifically targeted “some of Claude’s most valuable capabilities, such as agentic reasoning, software engineering, and long-horizon tasks.”
To evade detection, Anthropic claims Alibaba employed obfuscation techniques and proxy networks. As demand for reliable obfuscation methods grows in China, Anthropic warned of a rising “circumvention economy” that could fuel an expanding web of future distillation attacks.
The company further alleged that Alibaba ignored warnings from the Trump administration. Like other Chinese labs attempting to copy U. S. frontier models, Anthropic said Alibaba’s goal was to extract Claude’s capabilities “without incurring the training and R&D costs required to train” their own frontier model. These attacks, Anthropic argued, have become “widespread” and effectively “turn hundreds of billions of dollars in American investment and R&D into a massive subsidy for our geopolitical competitors.”
Notably, Anthropic pointed out that the Alibaba campaign occurred after President Donald Trump took steps to curb such illicit distillation attacks and protect U. S. national security. In April, Trump accused China of engaging in “industrial-scale” AI theft after Anthropic previously accused Chinese firms DeepSeek, Moonshot, and MiniMax of using similar tactics to generate “over 16 million exchanges with Claude through approximately 24,000 fraudulent accounts.” Both OpenAI and Google have also published findings on comparable attacks targeting their models, according to Anthropic.
(Source: Ars Technica)
