Anthropic accuses Alibaba of executing record-breaking 'Distillation Attack' to clone Claude

American frontier AI lab Anthropic has formally accused Chinese e-commerce and technology conglomerate Alibaba Group of executing a massive, industrial-scale cyber campaign to illicitly harvest the proprietary reasoning logic of its Claude AI models.

In a June 10, 2026, letter sent to U.S. Senators Tim Scott and Elizabeth Warren ahead of a high-profile Senate Banking Committee hearing, Anthropic Head of Policy Sarah Heck revealed that operators tied to Alibaba's Qwen AI division systematically bypassed geographic restrictions to vacuum up intellectual property.

The operation is being classified as the largest adversarial distillation campaign ever documented in the history of artificial intelligence development.

Millions of queries to reverse-engineering Claude

The campaign, which ran between April 22 and June 5, used advanced obfuscation methods and proxy networks to evade Anthropic’s behavioral tracking systems. To hide the structural footprint of the extraction, Alibaba operators deployed approximately 25,000 coordinated, fraudulent accounts to generate an astonishing 28.8 million discrete exchanges with Claude.

The focus of the automated queries was highly strategic. Rather than scraping generic chat data, the fraudulent network targeted Anthropic's most advanced and capital-intensive structural behaviors, explicitly targeting Claude’s agentic reasoning patterns, software engineering modules, and long-horizon planning tasks.

What is a distillation attack?

Model distillation is the practice of training a smaller, cheaper AI model using the explicit outputs of a superior, frontier system. Instead of spending hundreds of millions of dollars on foundational research and hardware compute, an adversary can systematically prompt a rival's model, capture its high-level reasoning paths, and feed those answers into their own system as training data, essentially copying the best student's test answers at an industrial scale.

Accelerating the race to match Claude Mythos 5

According to Anthropic, the core objective of the offensive operation was to rapidly accelerate China's domestic capabilities toward matching those of Anthropic's restricted Claude Mythos 5 platform. The timeline of the attack has drawn intense scrutiny in Washington; the bulk data extraction occurred directly after the White House issued an official national security memo explicitly warning foreign actors against the systemic theft of American AI models.

The disclosure adds a massive layer of complexity to Alibaba's ongoing geopolitical battles in the United States. Just weeks ago, the Hangzhou-based company filed a federal lawsuit against the Pentagon, fiercely challenging its recent inclusion on a U.S. Defense Department blacklist tracking commercial entities suspected of providing logistical or technical support to China's People's Liberation Army (PLA).

Alibaba has so far declined to issue a formal corporate response regarding Anthropic's distillation findings.

A new precedent for industrial AI defensive controls.

The unprecedented scale of the Alibaba intrusion completely dwarfs previous distillation campaigns identified by security researchers. In a similar industry warning published in February, Anthropic named three rising Chinese AI labs, DeepSeek, Moonshot AI, and MiniMax, as having collectively generated 16.5 million fraudulent exchanges.

Alibaba's singular operation comfortably surpassed that combined total in a matter of six weeks.

The rapid escalation has prompted U.S. tech giants to fundamentally alter their defense postures. In response to the growing threat of capability cloning, Anthropic, OpenAI, and Google have quietly established a coordinated threat-intelligence alliance to share real-time security telemetry regarding suspicious query patterns.

Concurrently, bipartisan lawmakers in the Senate are leveraging Anthropic's findings to draft immediate amendments to upcoming defense legislation. The proposed regulatory framework would legally mandate the blacklisting and economic sanctioning of any foreign entity verified to be utilizing automated adversarial distillation to mimic American-developed frontier architectures.