Anthropic Accuses Chinese AI Labs of Mining Claude Through 24,000 Fake Accounts
In a stunning revelation that could reshape AI export policy, Anthropic has publicly accused three Chinese AI laboratories of orchestrating a massive distillation attack on Claude, using more than 24,000 fake accounts to extract the model’s most valuable capabilities.
The security breach comes at a critical moment as U.S. policymakers debate the future of AI chip export controls to China—a policy designed to curb Beijing’s rapid AI advancement.
The Scale of the Attack
Anthropic’s investigation uncovered a coordinated effort by DeepSeek, Moonshot AI, and MiniMax that generated more than 16 million exchanges with Claude through fraudulent accounts. The attackers specifically targeted Claude’s most differentiated capabilities:
- Agentic reasoning
- Tool use
- Coding abilities
The distillation technique—normally a legitimate training method used to create smaller, more efficient versions of models—was weaponized to essentially copy the intellectual property of American AI labs.
Attack Breakdown by Company
- DeepSeek: 150,000+ exchanges targeting foundational logic, alignment, censorship workarounds
- Moonshot AI: 3.4 million exchanges targeting agentic reasoning, tool use, coding, computer vision
- MiniMax: 13 million exchanges targeting agentic coding, tool orchestration
Anthropic observed MiniMax redirecting nearly half its traffic to siphon capabilities from the latest Claude model immediately upon launch—a striking example of real-time capability extraction.
Why This Matters for AI Security
The accusations extend beyond corporate espionage. Anthropic warns that models built through illicit distillation are unlikely to retain critical safety safeguards:
“Anthropic and other U.S. companies build systems that prevent state and non-state actors from using AI to, for example, develop bioweapons or carry out malicious cyber activities. Models built through illicit distillation are unlikely to retain those safeguards.”
This creates a dual threat:
- Economic: American AI dominance undermined by stolen capabilities
- National Security: Stripped-down models could be deployed for offensive cyber operations, disinformation campaigns, and mass surveillance
The Chip Export Debate Intensifies
The timing of this revelation is explosive. Last month, the Trump administration formally allowed U.S. companies like Nvidia to export advanced AI chips (including the H200) to China. Critics argued this loosening of export controls would accelerate China’s AI computing capacity.
Anthropic’s findings appear to validate those concerns. The company stated:
“Distillation attacks therefore reinforce the rationale for export controls: restricted chip access limits both direct model training and the scale of illicit distillation.”
The scale of extraction performed by these Chinese labs requires access to advanced chips, according to Anthropic’s analysis.
Expert Reaction
Dmitri Alperovitch, chairman of the Silverado Policy Accelerator and co-founder of CrowdStrike, told TechCrunch:
“It’s been clear for a while now that part of the reason for the rapid progress of Chinese AI models has been theft via distillation of US frontier models. Now we know this for a fact. This should give us even more compelling reasons to refuse to sell any AI chips to any of these companies, which would only advantage them further.”
Key Takeaways
- 24,000+ fake accounts were used to attack Claude
- 16 million exchanges extracted capabilities from the model
- Three Chinese labs implicated: DeepSeek, Moonshot AI, MiniMax
- National security risks extend beyond economic competition
- Chip export controls may tighten in response
For now, Anthropic’s message is clear: the AI cold war has moved from theory to documented reality.